From d5b011bbf9976ea29b40535151bea40de829c767 Mon Sep 17 00:00:00 2001 From: Spencer Small Date: Fri, 15 Mar 2024 12:03:11 -0700 Subject: [PATCH] Add GCP ConfigConnector schemas Close https://github.com/datreeio/CRDs-catalog/issues/278 --- ...cesscontextmanageraccesslevel_v1beta1.json | 394 ++ ...esscontextmanageraccesspolicy_v1beta1.json | 88 + ...ontextmanagerserviceperimeter_v1beta1.json | 1441 ++++++ .../alloydbbackup_v1alpha1.json | 242 + .../alloydbbackup_v1beta1.json | 242 + .../alloydbcluster_v1alpha1.json | 832 ++++ .../alloydbcluster_v1beta1.json | 832 ++++ .../alloydbinstance_v1alpha1.json | 202 + .../alloydbinstance_v1beta1.json | 202 + .../alloydbuser_v1beta1.json | 196 + .../apigeeenvironment_v1beta1.json | 152 + .../apigeeorganization_v1beta1.json | 317 ++ .../artifactregistryrepository_v1beta1.json | 389 ++ .../bigquerydataset_v1beta1.json | 342 ++ .../bigqueryjob_v1beta1.json | 973 ++++ .../bigqueryroutine_v1beta1.json | 243 + .../bigquerytable_v1beta1.json | 610 +++ .../bigtableappprofile_v1beta1.json | 167 + .../bigtablegcpolicy_v1beta1.json | 221 + .../bigtableinstance_v1beta1.json | 186 + .../bigtabletable_v1beta1.json | 153 + .../billingbudgetsbudget_v1beta1.json | 505 +++ .../binaryauthorizationattestor_v1beta1.json | 238 + .../binaryauthorizationpolicy_v1beta1.json | 517 +++ ...ertificatemanagercertificate_v1alpha1.json | 488 ++ ...certificatemanagercertificate_v1beta1.json | 488 ++ ...ificatemanagercertificatemap_v1alpha1.json | 173 + ...tificatemanagercertificatemap_v1beta1.json | 173 + ...temanagercertificatemapentry_v1alpha1.json | 251 ++ ...atemanagercertificatemapentry_v1beta1.json | 251 ++ ...icatemanagerdnsauthorization_v1alpha1.json | 153 + ...ficatemanagerdnsauthorization_v1beta1.json | 153 + .../cloudbuildtrigger_v1beta1.json | 1691 +++++++ .../cloudfunctionsfunction_v1beta1.json | 413 ++ .../cloudidentitygroup_v1beta1.json | 127 + .../cloudidentitymembership_v1beta1.json | 240 + .../cloudschedulerjob_v1beta1.json | 454 ++ .../computeaddress_v1beta1.json | 226 + .../computebackendbucket_v1beta1.json | 244 + .../computebackendservice_v1beta1.json | 1203 +++++ .../computedisk_v1beta1.json | 953 ++++ .../computeexternalvpngateway_v1beta1.json | 99 + .../computefirewall_v1beta1.json | 345 ++ .../computefirewallpolicy_v1beta1.json | 217 + ...putefirewallpolicyassociation_v1beta1.json | 187 + .../computefirewallpolicyrule_v1beta1.json | 364 ++ .../computeforwardingrule_v1beta1.json | 777 ++++ .../computehealthcheck_v1beta1.json | 308 ++ .../computehttphealthcheck_v1beta1.json | 105 + .../computehttpshealthcheck_v1beta1.json | 105 + .../computeimage_v1beta1.json | 403 ++ .../computeinstance_v1beta1.json | 1354 ++++++ .../computeinstancegroup_v1beta1.json | 211 + .../computeinstancegroupmanager_v1beta1.json | 769 ++++ .../computeinstancetemplate_v1beta1.json | 1284 ++++++ ...computeinterconnectattachment_v1beta1.json | 265 ++ .../computenetwork_v1beta1.json | 105 + .../computenetworkendpointgroup_v1beta1.json | 196 + .../computenetworkfirewallpolicy_v1beta1.json | 150 + .../computenetworkpeering_v1beta1.json | 199 + .../computenodegroup_v1beta1.json | 311 ++ .../computenodetemplate_v1beta1.json | 128 + .../computepacketmirroring_v1beta1.json | 461 ++ .../computeprojectmetadata_v1beta1.json | 75 + ...uteregionnetworkendpointgroup_v1beta1.json | 317 ++ .../computereservation_v1beta1.json | 180 + .../computeresourcepolicy_v1beta1.json | 304 ++ .../computeroute_v1beta1.json | 307 ++ .../computerouter_v1beta1.json | 192 + .../computerouterinterface_v1beta1.json | 376 ++ .../computerouternat_v1beta1.json | 515 +++ .../computerouterpeer_v1beta1.json | 329 ++ .../computesecuritypolicy_v1beta1.json | 569 +++ .../computeserviceattachment_v1beta1.json | 418 ++ .../computesharedvpchostproject_v1beta1.json | 56 + ...omputesharedvpcserviceproject_v1beta1.json | 121 + .../computesnapshot_v1beta1.json | 457 ++ .../computesslcertificate_v1beta1.json | 215 + .../computesslpolicy_v1beta1.json | 103 + .../computesubnetwork_v1beta1.json | 238 + .../computetargetgrpcproxy_v1beta1.json | 139 + .../computetargethttpproxy_v1beta1.json | 150 + .../computetargethttpsproxy_v1beta1.json | 357 ++ .../computetargetinstance_v1beta1.json | 242 + .../computetargetpool_v1beta1.json | 301 ++ .../computetargetsslproxy_v1beta1.json | 294 ++ .../computetargettcpproxy_v1beta1.json | 145 + .../computetargetvpngateway_v1beta1.json | 142 + .../computeurlmap_v1beta1.json | 2703 +++++++++++ .../computevpngateway_v1beta1.json | 206 + .../computevpntunnel_v1beta1.json | 443 ++ .../configcontrollerinstance_v1beta1.json | 312 ++ .../containercluster_v1beta1.json | 2247 ++++++++++ .../containernodepool_v1beta1.json | 1145 +++++ .../containeranalysisnote_v1beta1.json | 618 +++ .../containerattachedcluster_v1beta1.json | 364 ++ .../configconnector_v1beta1.json | 118 + .../configconnectorcontext_v1beta1.json | 69 + .../controllerresource_v1alpha1.json | 145 + .../controllerresource_v1beta1.json | 145 + ...okconfigurationcustomization_v1alpha1.json | 97 + ...ookconfigurationcustomization_v1beta1.json | 97 + ...namespacedcontrollerresource_v1alpha1.json | 127 + .../namespacedcontrollerresource_v1beta1.json | 127 + ...okconfigurationcustomization_v1alpha1.json | 98 + ...ookconfigurationcustomization_v1beta1.json | 98 + .../datacatalogpolicytag_v1beta1.json | 190 + .../datacatalogtaxonomy_v1beta1.json | 146 + .../dataflowflextemplatejob_v1beta1.json | 338 ++ .../dataflowjob_v1beta1.json | 331 ++ .../datafusioninstance_v1beta1.json | 289 ++ .../dataprocautoscalingpolicy_v1beta1.json | 224 + .../dataproccluster_v1beta1.json | 2039 +++++++++ .../dataprocworkflowtemplate_v1beta1.json | 2012 +++++++++ .../dlpdeidentifytemplate_v1beta1.json | 3971 +++++++++++++++++ .../dlpinspecttemplate_v1beta1.json | 608 +++ .../dlpjobtrigger_v1beta1.json | 1541 +++++++ .../dlpstoredinfotype_v1beta1.json | 457 ++ .../dnsmanagedzone_v1beta1.json | 419 ++ .../dnspolicy_v1beta1.json | 172 + .../dnsrecordset_v1beta1.json | 212 + .../edgecontainercluster_v1beta1.json | 598 +++ .../edgecontainernodepool_v1beta1.json | 281 ++ .../edgecontainervpnconnection_v1beta1.json | 258 ++ .../edgenetworknetwork_v1beta1.json | 152 + .../edgenetworksubnet_v1beta1.json | 220 + .../eventarctrigger_v1beta1.json | 614 +++ .../filestorebackup_v1beta1.json | 215 + .../filestoreinstance_v1beta1.json | 333 ++ .../firestoreindex_v1beta1.json | 107 + .../gkehubfeature_v1beta1.json | 285 ++ .../gkehubfeaturemembership_v1beta1.json | 555 +++ .../gkehubmembership_v1beta1.json | 320 ++ .../iamaccessboundarypolicy_v1beta1.json | 188 + .../iamauditconfig_v1beta1.json | 125 + .../iamcustomrole_v1beta1.json | 100 + .../iampartialpolicy_v1beta1.json | 399 ++ .../iampolicy_v1beta1.json | 241 + .../iampolicymember_v1beta1.json | 286 ++ .../iamserviceaccount_v1beta1.json | 94 + .../iamserviceaccountkey_v1beta1.json | 153 + .../iamworkforcepool_v1beta1.json | 151 + .../iamworkforcepoolprovider_v1beta1.json | 314 ++ .../iamworkloadidentitypool_v1beta1.json | 143 + ...mworkloadidentitypoolprovider_v1beta1.json | 247 + .../iapbrand_v1beta1.json | 78 + .../iapidentityawareproxyclient_v1beta1.json | 130 + .../identityplatformconfig_v1beta1.json | 839 ++++ ...dentityplatformoauthidpconfig_v1beta1.json | 160 + .../identityplatformtenant_v1beta1.json | 111 + ...yplatformtenantoauthidpconfig_v1beta1.json | 216 + .../kmscryptokey_v1beta1.json | 164 + .../kmskeyring_v1beta1.json | 80 + .../logginglogbucket_v1beta1.json | 325 ++ .../logginglogexclusion_v1beta1.json | 316 ++ .../logginglogmetric_v1beta1.json | 311 ++ .../logginglogsink_v1beta1.json | 515 +++ .../logginglogview_v1beta1.json | 366 ++ .../memcacheinstance_v1beta1.json | 316 ++ .../monitoringalertpolicy_v1beta1.json | 520 +++ .../monitoringdashboard_v1beta1.json | 3198 +++++++++++++ .../monitoringgroup_v1beta1.json | 184 + .../monitoringmetricdescriptor_v1beta1.json | 201 + .../monitoringmonitoredproject_v1beta1.json | 81 + ...monitoringnotificationchannel_v1beta1.json | 286 ++ .../monitoringservice_v1beta1.json | 137 + ...nitoringservicelevelobjective_v1beta1.json | 539 +++ .../monitoringuptimecheckconfig_v1beta1.json | 380 ++ .../networkconnectivityhub_v1beta1.json | 158 + .../networkconnectivityspoke_v1beta1.json | 482 ++ ...rksecurityauthorizationpolicy_v1beta1.json | 235 + ...etworksecurityclienttlspolicy_v1beta1.json | 217 + ...etworksecurityservertlspolicy_v1beta1.json | 227 + ...networkservicesendpointpolicy_v1beta1.json | 348 ++ .../networkservicesgateway_v1beta1.json | 219 + .../networkservicesgrpcroute_v1beta1.json | 471 ++ .../networkserviceshttproute_v1beta1.json | 742 +++ .../networkservicesmesh_v1beta1.json | 150 + .../networkservicestcproute_v1beta1.json | 363 ++ .../networkservicestlsroute_v1beta1.json | 365 ++ .../osconfigguestpolicy_v1beta1.json | 767 ++++ .../osconfigospolicyassignment_v1beta1.json | 1026 +++++ .../privatecacapool_v1beta1.json | 485 ++ .../privatecacertificate_v1beta1.json | 1028 +++++ ...privatecacertificateauthority_v1beta1.json | 1122 +++++ .../privatecacertificatetemplate_v1beta1.json | 411 ++ .../pubsubschema_v1beta1.json | 130 + .../pubsubsubscription_v1beta1.json | 451 ++ .../pubsubtopic_v1beta1.json | 200 + .../pubsublitereservation_v1beta1.json | 132 + .../recaptchaenterprisekey_v1beta1.json | 236 + .../redisinstance_v1beta1.json | 458 ++ .../folder_v1beta1.json | 220 + .../project_v1beta1.json | 257 ++ .../resourcemanagerlien_v1beta1.json | 153 + .../resourcemanagerpolicy_v1beta1.json | 313 ++ run.cnrm.cloud.google.com/runjob_v1beta1.json | 1120 +++++ .../runservice_v1beta1.json | 1282 ++++++ .../secretmanagersecret_v1beta1.json | 345 ++ .../secretmanagersecretversion_v1beta1.json | 210 + .../servicedirectoryendpoint_v1beta1.json | 229 + .../servicedirectorynamespace_v1beta1.json | 131 + .../servicedirectoryservice_v1beta1.json | 126 + .../servicenetworkingconnection_v1beta1.json | 178 + .../service_v1beta1.json | 116 + .../serviceidentity_v1beta1.json | 125 + .../sourcereporepository_v1beta1.json | 191 + .../spannerdatabase_v1beta1.json | 204 + .../spannerinstance_v1beta1.json | 91 + .../sqldatabase_v1beta1.json | 137 + .../sqlinstance_v1beta1.json | 911 ++++ .../sqlsslcert_v1beta1.json | 155 + .../sqluser_v1beta1.json | 247 + .../storagebucket_v1beta1.json | 385 ++ .../storagebucketaccesscontrol_v1beta1.json | 135 + ...agedefaultobjectaccesscontrol_v1beta1.json | 163 + .../storagenotification_v1beta1.json | 202 + .../storagetransferjob_v1beta1.json | 747 ++++ .../tagstagbinding_v1beta1.json | 175 + .../tagstagkey_v1beta1.json | 112 + .../tagstagvalue_v1beta1.json | 146 + .../vpcaccessconnector_v1beta1.json | 323 ++ 222 files changed, 89742 insertions(+) create mode 100644 accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesslevel_v1beta1.json create mode 100644 accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesspolicy_v1beta1.json create mode 100644 accesscontextmanager.cnrm.cloud.google.com/accesscontextmanagerserviceperimeter_v1beta1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbbackup_v1alpha1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbbackup_v1beta1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbcluster_v1alpha1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbcluster_v1beta1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbinstance_v1alpha1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbinstance_v1beta1.json create mode 100644 alloydb.cnrm.cloud.google.com/alloydbuser_v1beta1.json create mode 100644 apigee.cnrm.cloud.google.com/apigeeenvironment_v1beta1.json create mode 100644 apigee.cnrm.cloud.google.com/apigeeorganization_v1beta1.json create mode 100644 artifactregistry.cnrm.cloud.google.com/artifactregistryrepository_v1beta1.json create mode 100644 bigquery.cnrm.cloud.google.com/bigquerydataset_v1beta1.json create mode 100644 bigquery.cnrm.cloud.google.com/bigqueryjob_v1beta1.json create mode 100644 bigquery.cnrm.cloud.google.com/bigqueryroutine_v1beta1.json create mode 100644 bigquery.cnrm.cloud.google.com/bigquerytable_v1beta1.json create mode 100644 bigtable.cnrm.cloud.google.com/bigtableappprofile_v1beta1.json create mode 100644 bigtable.cnrm.cloud.google.com/bigtablegcpolicy_v1beta1.json create mode 100644 bigtable.cnrm.cloud.google.com/bigtableinstance_v1beta1.json create mode 100644 bigtable.cnrm.cloud.google.com/bigtabletable_v1beta1.json create mode 100644 billingbudgets.cnrm.cloud.google.com/billingbudgetsbudget_v1beta1.json create mode 100644 binaryauthorization.cnrm.cloud.google.com/binaryauthorizationattestor_v1beta1.json create mode 100644 binaryauthorization.cnrm.cloud.google.com/binaryauthorizationpolicy_v1beta1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1alpha1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1beta1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1alpha1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1beta1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1alpha1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1beta1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1alpha1.json create mode 100644 certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1beta1.json create mode 100644 cloudbuild.cnrm.cloud.google.com/cloudbuildtrigger_v1beta1.json create mode 100644 cloudfunctions.cnrm.cloud.google.com/cloudfunctionsfunction_v1beta1.json create mode 100644 cloudidentity.cnrm.cloud.google.com/cloudidentitygroup_v1beta1.json create mode 100644 cloudidentity.cnrm.cloud.google.com/cloudidentitymembership_v1beta1.json create mode 100644 cloudscheduler.cnrm.cloud.google.com/cloudschedulerjob_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeaddress_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computebackendbucket_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computebackendservice_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computedisk_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeexternalvpngateway_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computefirewall_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computefirewallpolicy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computefirewallpolicyassociation_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computefirewallpolicyrule_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeforwardingrule_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computehealthcheck_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computehttphealthcheck_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computehttpshealthcheck_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeimage_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeinstance_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeinstancegroup_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeinstancegroupmanager_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeinstancetemplate_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeinterconnectattachment_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computenetwork_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computenetworkendpointgroup_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computenetworkfirewallpolicy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computenetworkpeering_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computenodegroup_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computenodetemplate_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computepacketmirroring_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeprojectmetadata_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeregionnetworkendpointgroup_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computereservation_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeresourcepolicy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeroute_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computerouter_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computerouterinterface_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computerouternat_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computerouterpeer_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesecuritypolicy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeserviceattachment_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesharedvpchostproject_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesharedvpcserviceproject_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesnapshot_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesslcertificate_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesslpolicy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computesubnetwork_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargetgrpcproxy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargethttpproxy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargethttpsproxy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargetinstance_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargetpool_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargetsslproxy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargettcpproxy_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computetargetvpngateway_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computeurlmap_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computevpngateway_v1beta1.json create mode 100644 compute.cnrm.cloud.google.com/computevpntunnel_v1beta1.json create mode 100644 configcontroller.cnrm.cloud.google.com/configcontrollerinstance_v1beta1.json create mode 100644 container.cnrm.cloud.google.com/containercluster_v1beta1.json create mode 100644 container.cnrm.cloud.google.com/containernodepool_v1beta1.json create mode 100644 containeranalysis.cnrm.cloud.google.com/containeranalysisnote_v1beta1.json create mode 100644 containerattached.cnrm.cloud.google.com/containerattachedcluster_v1beta1.json create mode 100644 core.cnrm.cloud.google.com/configconnector_v1beta1.json create mode 100644 core.cnrm.cloud.google.com/configconnectorcontext_v1beta1.json create mode 100644 customize.core.cnrm.cloud.google.com/controllerresource_v1alpha1.json create mode 100644 customize.core.cnrm.cloud.google.com/controllerresource_v1beta1.json create mode 100644 customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1alpha1.json create mode 100644 customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1beta1.json create mode 100644 customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1alpha1.json create mode 100644 customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1beta1.json create mode 100644 customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1alpha1.json create mode 100644 customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1beta1.json create mode 100644 datacatalog.cnrm.cloud.google.com/datacatalogpolicytag_v1beta1.json create mode 100644 datacatalog.cnrm.cloud.google.com/datacatalogtaxonomy_v1beta1.json create mode 100644 dataflow.cnrm.cloud.google.com/dataflowflextemplatejob_v1beta1.json create mode 100644 dataflow.cnrm.cloud.google.com/dataflowjob_v1beta1.json create mode 100644 datafusion.cnrm.cloud.google.com/datafusioninstance_v1beta1.json create mode 100644 dataproc.cnrm.cloud.google.com/dataprocautoscalingpolicy_v1beta1.json create mode 100644 dataproc.cnrm.cloud.google.com/dataproccluster_v1beta1.json create mode 100644 dataproc.cnrm.cloud.google.com/dataprocworkflowtemplate_v1beta1.json create mode 100644 dlp.cnrm.cloud.google.com/dlpdeidentifytemplate_v1beta1.json create mode 100644 dlp.cnrm.cloud.google.com/dlpinspecttemplate_v1beta1.json create mode 100644 dlp.cnrm.cloud.google.com/dlpjobtrigger_v1beta1.json create mode 100644 dlp.cnrm.cloud.google.com/dlpstoredinfotype_v1beta1.json create mode 100644 dns.cnrm.cloud.google.com/dnsmanagedzone_v1beta1.json create mode 100644 dns.cnrm.cloud.google.com/dnspolicy_v1beta1.json create mode 100644 dns.cnrm.cloud.google.com/dnsrecordset_v1beta1.json create mode 100644 edgecontainer.cnrm.cloud.google.com/edgecontainercluster_v1beta1.json create mode 100644 edgecontainer.cnrm.cloud.google.com/edgecontainernodepool_v1beta1.json create mode 100644 edgecontainer.cnrm.cloud.google.com/edgecontainervpnconnection_v1beta1.json create mode 100644 edgenetwork.cnrm.cloud.google.com/edgenetworknetwork_v1beta1.json create mode 100644 edgenetwork.cnrm.cloud.google.com/edgenetworksubnet_v1beta1.json create mode 100644 eventarc.cnrm.cloud.google.com/eventarctrigger_v1beta1.json create mode 100644 filestore.cnrm.cloud.google.com/filestorebackup_v1beta1.json create mode 100644 filestore.cnrm.cloud.google.com/filestoreinstance_v1beta1.json create mode 100644 firestore.cnrm.cloud.google.com/firestoreindex_v1beta1.json create mode 100644 gkehub.cnrm.cloud.google.com/gkehubfeature_v1beta1.json create mode 100644 gkehub.cnrm.cloud.google.com/gkehubfeaturemembership_v1beta1.json create mode 100644 gkehub.cnrm.cloud.google.com/gkehubmembership_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamaccessboundarypolicy_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamauditconfig_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamcustomrole_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iampartialpolicy_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iampolicy_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iampolicymember_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamserviceaccount_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamserviceaccountkey_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamworkforcepool_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamworkforcepoolprovider_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamworkloadidentitypool_v1beta1.json create mode 100644 iam.cnrm.cloud.google.com/iamworkloadidentitypoolprovider_v1beta1.json create mode 100644 iap.cnrm.cloud.google.com/iapbrand_v1beta1.json create mode 100644 iap.cnrm.cloud.google.com/iapidentityawareproxyclient_v1beta1.json create mode 100644 identityplatform.cnrm.cloud.google.com/identityplatformconfig_v1beta1.json create mode 100644 identityplatform.cnrm.cloud.google.com/identityplatformoauthidpconfig_v1beta1.json create mode 100644 identityplatform.cnrm.cloud.google.com/identityplatformtenant_v1beta1.json create mode 100644 identityplatform.cnrm.cloud.google.com/identityplatformtenantoauthidpconfig_v1beta1.json create mode 100644 kms.cnrm.cloud.google.com/kmscryptokey_v1beta1.json create mode 100644 kms.cnrm.cloud.google.com/kmskeyring_v1beta1.json create mode 100644 logging.cnrm.cloud.google.com/logginglogbucket_v1beta1.json create mode 100644 logging.cnrm.cloud.google.com/logginglogexclusion_v1beta1.json create mode 100644 logging.cnrm.cloud.google.com/logginglogmetric_v1beta1.json create mode 100644 logging.cnrm.cloud.google.com/logginglogsink_v1beta1.json create mode 100644 logging.cnrm.cloud.google.com/logginglogview_v1beta1.json create mode 100644 memcache.cnrm.cloud.google.com/memcacheinstance_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringalertpolicy_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringdashboard_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringgroup_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringmetricdescriptor_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringmonitoredproject_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringnotificationchannel_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringservice_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringservicelevelobjective_v1beta1.json create mode 100644 monitoring.cnrm.cloud.google.com/monitoringuptimecheckconfig_v1beta1.json create mode 100644 networkconnectivity.cnrm.cloud.google.com/networkconnectivityhub_v1beta1.json create mode 100644 networkconnectivity.cnrm.cloud.google.com/networkconnectivityspoke_v1beta1.json create mode 100644 networksecurity.cnrm.cloud.google.com/networksecurityauthorizationpolicy_v1beta1.json create mode 100644 networksecurity.cnrm.cloud.google.com/networksecurityclienttlspolicy_v1beta1.json create mode 100644 networksecurity.cnrm.cloud.google.com/networksecurityservertlspolicy_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkservicesendpointpolicy_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkservicesgateway_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkservicesgrpcroute_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkserviceshttproute_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkservicesmesh_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkservicestcproute_v1beta1.json create mode 100644 networkservices.cnrm.cloud.google.com/networkservicestlsroute_v1beta1.json create mode 100644 osconfig.cnrm.cloud.google.com/osconfigguestpolicy_v1beta1.json create mode 100644 osconfig.cnrm.cloud.google.com/osconfigospolicyassignment_v1beta1.json create mode 100644 privateca.cnrm.cloud.google.com/privatecacapool_v1beta1.json create mode 100644 privateca.cnrm.cloud.google.com/privatecacertificate_v1beta1.json create mode 100644 privateca.cnrm.cloud.google.com/privatecacertificateauthority_v1beta1.json create mode 100644 privateca.cnrm.cloud.google.com/privatecacertificatetemplate_v1beta1.json create mode 100644 pubsub.cnrm.cloud.google.com/pubsubschema_v1beta1.json create mode 100644 pubsub.cnrm.cloud.google.com/pubsubsubscription_v1beta1.json create mode 100644 pubsub.cnrm.cloud.google.com/pubsubtopic_v1beta1.json create mode 100644 pubsublite.cnrm.cloud.google.com/pubsublitereservation_v1beta1.json create mode 100644 recaptchaenterprise.cnrm.cloud.google.com/recaptchaenterprisekey_v1beta1.json create mode 100644 redis.cnrm.cloud.google.com/redisinstance_v1beta1.json create mode 100644 resourcemanager.cnrm.cloud.google.com/folder_v1beta1.json create mode 100644 resourcemanager.cnrm.cloud.google.com/project_v1beta1.json create mode 100644 resourcemanager.cnrm.cloud.google.com/resourcemanagerlien_v1beta1.json create mode 100644 resourcemanager.cnrm.cloud.google.com/resourcemanagerpolicy_v1beta1.json create mode 100644 run.cnrm.cloud.google.com/runjob_v1beta1.json create mode 100644 run.cnrm.cloud.google.com/runservice_v1beta1.json create mode 100644 secretmanager.cnrm.cloud.google.com/secretmanagersecret_v1beta1.json create mode 100644 secretmanager.cnrm.cloud.google.com/secretmanagersecretversion_v1beta1.json create mode 100644 servicedirectory.cnrm.cloud.google.com/servicedirectoryendpoint_v1beta1.json create mode 100644 servicedirectory.cnrm.cloud.google.com/servicedirectorynamespace_v1beta1.json create mode 100644 servicedirectory.cnrm.cloud.google.com/servicedirectoryservice_v1beta1.json create mode 100644 servicenetworking.cnrm.cloud.google.com/servicenetworkingconnection_v1beta1.json create mode 100644 serviceusage.cnrm.cloud.google.com/service_v1beta1.json create mode 100644 serviceusage.cnrm.cloud.google.com/serviceidentity_v1beta1.json create mode 100644 sourcerepo.cnrm.cloud.google.com/sourcereporepository_v1beta1.json create mode 100644 spanner.cnrm.cloud.google.com/spannerdatabase_v1beta1.json create mode 100644 spanner.cnrm.cloud.google.com/spannerinstance_v1beta1.json create mode 100644 sql.cnrm.cloud.google.com/sqldatabase_v1beta1.json create mode 100644 sql.cnrm.cloud.google.com/sqlinstance_v1beta1.json create mode 100644 sql.cnrm.cloud.google.com/sqlsslcert_v1beta1.json create mode 100644 sql.cnrm.cloud.google.com/sqluser_v1beta1.json create mode 100644 storage.cnrm.cloud.google.com/storagebucket_v1beta1.json create mode 100644 storage.cnrm.cloud.google.com/storagebucketaccesscontrol_v1beta1.json create mode 100644 storage.cnrm.cloud.google.com/storagedefaultobjectaccesscontrol_v1beta1.json create mode 100644 storage.cnrm.cloud.google.com/storagenotification_v1beta1.json create mode 100644 storagetransfer.cnrm.cloud.google.com/storagetransferjob_v1beta1.json create mode 100644 tags.cnrm.cloud.google.com/tagstagbinding_v1beta1.json create mode 100644 tags.cnrm.cloud.google.com/tagstagkey_v1beta1.json create mode 100644 tags.cnrm.cloud.google.com/tagstagvalue_v1beta1.json create mode 100644 vpcaccess.cnrm.cloud.google.com/vpcaccessconnector_v1beta1.json diff --git a/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesslevel_v1beta1.json b/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesslevel_v1beta1.json new file mode 100644 index 00000000..62c29113 --- /dev/null +++ b/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesslevel_v1beta1.json @@ -0,0 +1,394 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "accessPolicyRef": { + "description": "The AccessContextManagerAccessPolicy this\nAccessContextManagerAccessLevel lives in.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `accessPolicies/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "basic": { + "description": "A set of predefined conditions for the access level and a combining function.", + "properties": { + "combiningFunction": { + "description": "How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"].", + "type": "string" + }, + "conditions": { + "description": "A set of requirements for the AccessLevel to be granted.", + "items": { + "properties": { + "devicePolicy": { + "description": "Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.", + "properties": { + "allowedDeviceManagementLevels": { + "description": "A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowedEncryptionStatuses": { + "description": "A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "osConstraints": { + "description": "A list of allowed OS versions.\nAn empty list allows all types and all versions.", + "items": { + "properties": { + "minimumVersion": { + "description": "The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".", + "type": "string" + }, + "osType": { + "description": "The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"].", + "type": "string" + }, + "requireVerifiedChromeOs": { + "description": "If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.", + "type": "boolean" + } + }, + "required": [ + "osType" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requireAdminApproval": { + "description": "Whether the device needs to be approved by the customer admin.", + "type": "boolean" + }, + "requireCorpOwned": { + "description": "Whether the device needs to be corp owned.", + "type": "boolean" + }, + "requireScreenLock": { + "description": "Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "ipSubnetworks": { + "description": "A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.", + "items": { + "type": "string" + }, + "type": "array" + }, + "members": { + "items": { + "description": "An allowed list of members (users, service accounts).\nUsing groups is not supported.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).", + "oneOf": [ + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "user" + ] + } + ], + "properties": { + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "negate": { + "description": "Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.", + "type": "boolean" + }, + "regions": { + "description": "The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.", + "items": { + "type": "string" + }, + "type": "array" + }, + "requiredAccessLevels": { + "items": { + "description": "A list of other access levels defined in the same policy.\nReferencing an AccessContextManagerAccessLevel which does not exist\nis an error. All access levels listed must be granted for the\ncondition to be true.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AccessContextManagerAccessLevel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "conditions" + ], + "type": "object", + "additionalProperties": false + }, + "custom": { + "description": "Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.", + "properties": { + "expr": { + "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.", + "properties": { + "description": { + "description": "Description of the expression.", + "type": "string" + }, + "expression": { + "description": "Textual representation of an expression in Common Expression Language syntax.", + "type": "string" + }, + "location": { + "description": "String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.", + "type": "string" + }, + "title": { + "description": "Title for the expression, i.e. a short string describing its purpose.", + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "expr" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Description of the AccessLevel and its use. Does not affect behavior.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "title": { + "description": "Human readable title. Must be unique within the Policy.", + "type": "string" + } + }, + "required": [ + "accessPolicyRef", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesspolicy_v1beta1.json b/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesspolicy_v1beta1.json new file mode 100644 index 00000000..aceee69e --- /dev/null +++ b/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanageraccesspolicy_v1beta1.json @@ -0,0 +1,88 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "title": { + "description": "Human readable title. Does not affect behavior.", + "type": "string" + } + }, + "required": [ + "title" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time the AccessPolicy was created in UTC.", + "type": "string" + }, + "name": { + "description": "Resource name of the AccessPolicy. Format: {policy_id}.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Time the AccessPolicy was updated in UTC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanagerserviceperimeter_v1beta1.json b/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanagerserviceperimeter_v1beta1.json new file mode 100644 index 00000000..2d6a5a0e --- /dev/null +++ b/accesscontextmanager.cnrm.cloud.google.com/accesscontextmanagerserviceperimeter_v1beta1.json @@ -0,0 +1,1441 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "accessPolicyRef": { + "description": "The AccessContextManagerAccessPolicy this\nAccessContextManagerServicePerimeter lives in.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `accessPolicies/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Description of the ServicePerimeter and its use. Does not affect\nbehavior.", + "type": "string" + }, + "perimeterType": { + "description": "Immutable. Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "spec": { + "description": "Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.", + "properties": { + "accessLevels": { + "items": { + "description": "(Optional) A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet. AccessLevels listed\nmust be in the same policy as this ServicePerimeter.\nReferencing a nonexistent AccessLevel is a syntax error. If no\nAccessLevel names are listed, resources within the perimeter can\nonly be accessed via GCP calls with request origins within the\nperimeter. For Service Perimeter Bridge, must be empty.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "egressPolicies": { + "description": "List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.", + "items": { + "properties": { + "egressFrom": { + "description": "Defines conditions on the source of a request causing this 'EgressPolicy' to apply.", + "properties": { + "identities": { + "items": { + "description": "(Optional) A list of identities that are allowed access through this\nEgressPolicy. Should be in the format of email address. The email\naddress should represent individual user or service account only.", + "oneOf": [ + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "user" + ] + } + ], + "properties": { + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "identityType": { + "description": "Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "egressTo": { + "description": "Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.", + "properties": { + "externalResources": { + "description": "A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.", + "items": { + "type": "string" + }, + "type": "array" + }, + "operations": { + "description": "A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.", + "items": { + "properties": { + "methodSelectors": { + "description": "API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.", + "items": { + "properties": { + "method": { + "description": "Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.", + "type": "string" + }, + "permission": { + "description": "Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serviceName": { + "description": "The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "items": { + "description": "(Optional) A list of resources, currently only projects in the form\n\"projects/{project_number}\". A request\nmatches if it contains a resource in this list.", + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ingressPolicies": { + "description": "List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.", + "items": { + "properties": { + "ingressFrom": { + "description": "Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.", + "properties": { + "identities": { + "items": { + "description": "(Optional) A list of identities that are allowed access through this\ningress policy. Should be in the format of email address. The email\naddress should represent individual user or service account only.", + "oneOf": [ + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "user" + ] + } + ], + "properties": { + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "identityType": { + "description": "Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"].", + "type": "string" + }, + "sources": { + "description": "Sources that this 'IngressPolicy' authorizes access from.", + "items": { + "properties": { + "accessLevelRef": { + "description": "An AccessLevel resource name that allow resources within the\nServicePerimeters to be accessed from the internet. AccessLevels\nlisted must be in the same policy as this ServicePerimeter.\nReferencing a nonexistent AccessLevel will cause an error. If no\nAccessLevel names are listed, resources within the perimeter can\nonly be accessed via Google Cloud calls with request origins within\nthe perimeter.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "(Optional) A Google Cloud resource that is allowed to ingress the\nperimeter. Requests from these resources will be allowed to access\nperimeter data. Currently only projects are allowed. Format\n\"projects/{project_number}\" The project may be in any Google Cloud\norganization, not just the organization that the perimeter is defined in.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "ingressTo": { + "description": "Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.", + "properties": { + "operations": { + "description": "A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.", + "items": { + "properties": { + "methodSelectors": { + "description": "API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.", + "items": { + "properties": { + "method": { + "description": "Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.", + "type": "string" + }, + "permission": { + "description": "Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serviceName": { + "description": "The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "items": { + "description": "A list of resources, currently only projects in the form\n\"projects/{project_number}\", protected by this ServicePerimeter\nthat are allowed to be accessed by sources defined in the\ncorresponding IngressFrom. A request matches if it contains a\nresource in this list.", + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "items": { + "description": "(Optional) A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.", + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "restrictedServices": { + "description": "GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.", + "items": { + "type": "string" + }, + "type": "array" + }, + "vpcAccessibleServices": { + "description": "Specifies how APIs are allowed to communicate within the Service\nPerimeter.", + "properties": { + "allowedServices": { + "description": "The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.", + "items": { + "type": "string" + }, + "type": "array" + }, + "enableRestriction": { + "description": "Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.", + "properties": { + "accessLevels": { + "items": { + "description": "(Optional) A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet. AccessLevels listed\nmust be in the same policy as this ServicePerimeter.\nReferencing a nonexistent AccessLevel is a syntax error. If no\nAccessLevel names are listed, resources within the perimeter can\nonly be accessed via GCP calls with request origins within the\nperimeter. For Service Perimeter Bridge, must be empty.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "egressPolicies": { + "description": "List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.", + "items": { + "properties": { + "egressFrom": { + "description": "Defines conditions on the source of a request causing this 'EgressPolicy' to apply.", + "properties": { + "identities": { + "items": { + "description": "(Optional) A list of identities that are allowed access through this\nEgressPolicy. Should be in the format of email address. The email\naddress should represent individual user or service account only.", + "oneOf": [ + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "user" + ] + } + ], + "properties": { + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "identityType": { + "description": "Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "egressTo": { + "description": "Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.", + "properties": { + "externalResources": { + "description": "A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.", + "items": { + "type": "string" + }, + "type": "array" + }, + "operations": { + "description": "A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.", + "items": { + "properties": { + "methodSelectors": { + "description": "API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.", + "items": { + "properties": { + "method": { + "description": "Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.", + "type": "string" + }, + "permission": { + "description": "Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serviceName": { + "description": "The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "items": { + "description": "(Optional) A list of resources, currently only projects in the form\n\"projects/{project_number}\". A request\nmatches if it contains a resource in this list.", + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ingressPolicies": { + "description": "List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.", + "items": { + "properties": { + "ingressFrom": { + "description": "Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.", + "properties": { + "identities": { + "items": { + "description": "(Optional) A list of identities that are allowed access through this\nEgressPolicy. Should be in the format of email address. The email\naddress should represent individual user or service account only.", + "oneOf": [ + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "user" + ] + } + ], + "properties": { + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `serviceAccount:{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "identityType": { + "description": "Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"].", + "type": "string" + }, + "sources": { + "description": "Sources that this 'IngressPolicy' authorizes access from.", + "items": { + "properties": { + "accessLevelRef": { + "description": "An AccessLevel resource name that allow resources within the\nServicePerimeters to be accessed from the internet. AccessLevels\nlisted must be in the same policy as this ServicePerimeter.\nReferencing a nonexistent AccessLevel will cause an error. If no\nAccessLevel names are listed, resources within the perimeter can\nonly be accessed via Google Cloud calls with request origins within\nthe perimeter.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `{{parent}}/accessLevels/{{value}}`, where {{value}} is the `name` field of an `AccessContextManagerAccessLevel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "(Optional) A Google Cloud resource that is allowed to ingress the\nperimeter. Requests from these resources will be allowed to access\nperimeter data. Currently only projects are allowed. Format\n\"projects/{project_number}\" The project may be in any Google Cloud\norganization, not just the organization that the perimeter is defined in.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "ingressTo": { + "description": "Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.", + "properties": { + "operations": { + "description": "A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.", + "items": { + "properties": { + "methodSelectors": { + "description": "API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.", + "items": { + "properties": { + "method": { + "description": "Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.", + "type": "string" + }, + "permission": { + "description": "Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serviceName": { + "description": "The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "items": { + "description": "A list of resources, currently only projects in the form\n\"projects/{project_number}\", protected by this ServicePerimeter\nthat are allowed to be accessed by sources defined in the\ncorresponding IngressFrom. A request matches if it contains a\nresource in this list.", + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "items": { + "description": "(Optional) A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.", + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "restrictedServices": { + "description": "GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.", + "items": { + "type": "string" + }, + "type": "array" + }, + "vpcAccessibleServices": { + "description": "Specifies how APIs are allowed to communicate within the Service\nPerimeter.", + "properties": { + "allowedServices": { + "description": "The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.", + "items": { + "type": "string" + }, + "type": "array" + }, + "enableRestriction": { + "description": "Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "title": { + "description": "Human readable title. Must be unique within the Policy.", + "type": "string" + }, + "useExplicitDryRunSpec": { + "description": "Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.", + "type": "boolean" + } + }, + "required": [ + "accessPolicyRef", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time the AccessPolicy was created in UTC.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Time the AccessPolicy was updated in UTC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbbackup_v1alpha1.json b/alloydb.cnrm.cloud.google.com/alloydbbackup_v1alpha1.json new file mode 100644 index 00000000..2593f98e --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbbackup_v1alpha1.json @@ -0,0 +1,242 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterNameRef": { + "description": "The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. User-provided description of the backup.", + "type": "string" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyName": { + "description": "Immutable. The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location where the alloydb backup should reside.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The backupId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "clusterNameRef", + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time the Backup was created in UTC.", + "type": "string" + }, + "encryptionInfo": { + "description": "EncryptionInfo describes the encryption information of a cluster or a backup.", + "items": { + "properties": { + "encryptionType": { + "description": "Output only. Type of encryption.", + "type": "string" + }, + "kmsKeyVersions": { + "description": "Output only. Cloud KMS key versions that are being used to protect the database or the backup.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "etag": { + "description": "A hash of the resource.", + "type": "string" + }, + "name": { + "description": "Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "If true, indicates that the service is actively updating the resource. This can happen due to user-triggered updates or system actions like failover or maintenance.", + "type": "boolean" + }, + "state": { + "description": "The current state of the backup.", + "type": "string" + }, + "uid": { + "description": "Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.", + "type": "string" + }, + "updateTime": { + "description": "Time the Backup was updated in UTC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbbackup_v1beta1.json b/alloydb.cnrm.cloud.google.com/alloydbbackup_v1beta1.json new file mode 100644 index 00000000..2593f98e --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbbackup_v1beta1.json @@ -0,0 +1,242 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterNameRef": { + "description": "The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. User-provided description of the backup.", + "type": "string" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyName": { + "description": "Immutable. The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location where the alloydb backup should reside.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The backupId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "clusterNameRef", + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time the Backup was created in UTC.", + "type": "string" + }, + "encryptionInfo": { + "description": "EncryptionInfo describes the encryption information of a cluster or a backup.", + "items": { + "properties": { + "encryptionType": { + "description": "Output only. Type of encryption.", + "type": "string" + }, + "kmsKeyVersions": { + "description": "Output only. Cloud KMS key versions that are being used to protect the database or the backup.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "etag": { + "description": "A hash of the resource.", + "type": "string" + }, + "name": { + "description": "Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "If true, indicates that the service is actively updating the resource. This can happen due to user-triggered updates or system actions like failover or maintenance.", + "type": "boolean" + }, + "state": { + "description": "The current state of the backup.", + "type": "string" + }, + "uid": { + "description": "Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.", + "type": "string" + }, + "updateTime": { + "description": "Time the Backup was updated in UTC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbcluster_v1alpha1.json b/alloydb.cnrm.cloud.google.com/alloydbcluster_v1alpha1.json new file mode 100644 index 00000000..be621d38 --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbcluster_v1alpha1.json @@ -0,0 +1,832 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "automatedBackupPolicy": { + "description": "The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.", + "properties": { + "backupWindow": { + "description": "The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "enabled": { + "description": "Whether automated backups are enabled.", + "type": "boolean" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyNameRef": { + "description": "(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to backups created using this configuration.", + "type": "object" + }, + "location": { + "description": "The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.", + "type": "string" + }, + "quantityBasedRetention": { + "description": "Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.", + "properties": { + "count": { + "description": "The number of backups to retain.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeBasedRetention": { + "description": "Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.", + "properties": { + "retentionPeriod": { + "description": "The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weeklySchedule": { + "description": "Weekly schedule for the Backup.", + "properties": { + "daysOfWeek": { + "description": "The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "startTimes": { + "description": "The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).", + "items": { + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Currently, only the value 0 is supported.", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Currently, only the value 0 is supported.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "startTimes" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "continuousBackupConfig": { + "description": "The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.", + "properties": { + "enabled": { + "description": "Whether continuous backup recovery is enabled. If not set, defaults to true.", + "type": "boolean" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyNameRef": { + "description": "(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "recoveryWindowDays": { + "description": "The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "User-settable and human-readable display name for the Cluster.", + "type": "string" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyNameRef": { + "description": "(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "initialUser": { + "description": "Initial user to setup during cluster creation.", + "properties": { + "password": { + "description": "The initial password for the user.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "description": "The database username.", + "type": "string" + } + }, + "required": [ + "password" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location where the alloydb cluster should reside.", + "type": "string" + }, + "networkConfig": { + "description": "Metadata related to network configuration.", + "properties": { + "allocatedIpRange": { + "description": "The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.", + "type": "string" + }, + "networkRef": { + "description": "(Required) The relative resource name of the VPC network on which\nthe instance can be accessed. It is specified in the following form:\nprojects/{project}/global/networks/{network_id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "description": "(Required) The relative resource name of the VPC network on which\nthe instance can be accessed. It is specified in the following form:\nprojects/{project}/global/networks/{network_id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The clusterId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "restoreBackupSource": { + "description": "Immutable. The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.", + "properties": { + "backupNameRef": { + "description": "(Required) The name of the backup that this cluster is restored from.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBBackup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "backupNameRef" + ], + "type": "object", + "additionalProperties": false + }, + "restoreContinuousBackupSource": { + "description": "Immutable. The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.", + "properties": { + "clusterRef": { + "description": "(Required) The name of the source cluster that this cluster is restored from.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "pointInTime": { + "description": "Immutable. The point in time that this cluster is restored to, in RFC 3339 format.", + "type": "string" + } + }, + "required": [ + "clusterRef", + "pointInTime" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "backupSource": { + "description": "Cluster created from backup.", + "items": { + "properties": { + "backupName": { + "description": "The name of the backup resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "continuousBackupInfo": { + "description": "ContinuousBackupInfo describes the continuous backup properties of a cluster.", + "items": { + "properties": { + "earliestRestorableTime": { + "description": "The earliest restorable time that can be restored to. Output only field.", + "type": "string" + }, + "enabledTime": { + "description": "When ContinuousBackup was most recently enabled. Set to null if ContinuousBackup is not enabled.", + "type": "string" + }, + "encryptionInfo": { + "description": "Output only. The encryption information for the WALs and backups required for ContinuousBackup.", + "items": { + "properties": { + "encryptionType": { + "description": "Output only. Type of encryption.", + "type": "string" + }, + "kmsKeyVersions": { + "description": "Output only. Cloud KMS key versions that are being used to protect the database or the backup.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "schedule": { + "description": "Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "databaseVersion": { + "description": "The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.", + "type": "string" + }, + "encryptionInfo": { + "description": "EncryptionInfo describes the encryption information of a cluster or a backup.", + "items": { + "properties": { + "encryptionType": { + "description": "Output only. Type of encryption.", + "type": "string" + }, + "kmsKeyVersions": { + "description": "Output only. Cloud KMS key versions that are being used to protect the database or the backup.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "migrationSource": { + "description": "Cluster created via DMS migration.", + "items": { + "properties": { + "hostPort": { + "description": "The host and port of the on-premises instance in host:port format.", + "type": "string" + }, + "referenceId": { + "description": "Place holder for the external source identifier(e.g DMS job name) that created the cluster.", + "type": "string" + }, + "sourceType": { + "description": "Type of migration source.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The name of the cluster resource.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "uid": { + "description": "The system-generated UID of the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbcluster_v1beta1.json b/alloydb.cnrm.cloud.google.com/alloydbcluster_v1beta1.json new file mode 100644 index 00000000..be621d38 --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbcluster_v1beta1.json @@ -0,0 +1,832 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "automatedBackupPolicy": { + "description": "The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.", + "properties": { + "backupWindow": { + "description": "The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "enabled": { + "description": "Whether automated backups are enabled.", + "type": "boolean" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyNameRef": { + "description": "(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to apply to backups created using this configuration.", + "type": "object" + }, + "location": { + "description": "The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.", + "type": "string" + }, + "quantityBasedRetention": { + "description": "Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.", + "properties": { + "count": { + "description": "The number of backups to retain.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeBasedRetention": { + "description": "Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.", + "properties": { + "retentionPeriod": { + "description": "The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weeklySchedule": { + "description": "Weekly schedule for the Backup.", + "properties": { + "daysOfWeek": { + "description": "The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "startTimes": { + "description": "The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).", + "items": { + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Currently, only the value 0 is supported.", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Currently, only the value 0 is supported.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "startTimes" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "continuousBackupConfig": { + "description": "The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.", + "properties": { + "enabled": { + "description": "Whether continuous backup recovery is enabled. If not set, defaults to true.", + "type": "boolean" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyNameRef": { + "description": "(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "recoveryWindowDays": { + "description": "The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "User-settable and human-readable display name for the Cluster.", + "type": "string" + }, + "encryptionConfig": { + "description": "EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).", + "properties": { + "kmsKeyNameRef": { + "description": "(Optional) The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "initialUser": { + "description": "Initial user to setup during cluster creation.", + "properties": { + "password": { + "description": "The initial password for the user.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "user": { + "description": "The database username.", + "type": "string" + } + }, + "required": [ + "password" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location where the alloydb cluster should reside.", + "type": "string" + }, + "networkConfig": { + "description": "Metadata related to network configuration.", + "properties": { + "allocatedIpRange": { + "description": "The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.", + "type": "string" + }, + "networkRef": { + "description": "(Required) The relative resource name of the VPC network on which\nthe instance can be accessed. It is specified in the following form:\nprojects/{project}/global/networks/{network_id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "description": "(Required) The relative resource name of the VPC network on which\nthe instance can be accessed. It is specified in the following form:\nprojects/{project}/global/networks/{network_id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The clusterId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "restoreBackupSource": { + "description": "Immutable. The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.", + "properties": { + "backupNameRef": { + "description": "(Required) The name of the backup that this cluster is restored from.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBBackup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "backupNameRef" + ], + "type": "object", + "additionalProperties": false + }, + "restoreContinuousBackupSource": { + "description": "Immutable. The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.", + "properties": { + "clusterRef": { + "description": "(Required) The name of the source cluster that this cluster is restored from.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "pointInTime": { + "description": "Immutable. The point in time that this cluster is restored to, in RFC 3339 format.", + "type": "string" + } + }, + "required": [ + "clusterRef", + "pointInTime" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "backupSource": { + "description": "Cluster created from backup.", + "items": { + "properties": { + "backupName": { + "description": "The name of the backup resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "continuousBackupInfo": { + "description": "ContinuousBackupInfo describes the continuous backup properties of a cluster.", + "items": { + "properties": { + "earliestRestorableTime": { + "description": "The earliest restorable time that can be restored to. Output only field.", + "type": "string" + }, + "enabledTime": { + "description": "When ContinuousBackup was most recently enabled. Set to null if ContinuousBackup is not enabled.", + "type": "string" + }, + "encryptionInfo": { + "description": "Output only. The encryption information for the WALs and backups required for ContinuousBackup.", + "items": { + "properties": { + "encryptionType": { + "description": "Output only. Type of encryption.", + "type": "string" + }, + "kmsKeyVersions": { + "description": "Output only. Cloud KMS key versions that are being used to protect the database or the backup.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "schedule": { + "description": "Days of the week on which a continuous backup is taken. Output only field. Ignored if passed into the request.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "databaseVersion": { + "description": "The database engine major version. This is an output-only field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.", + "type": "string" + }, + "encryptionInfo": { + "description": "EncryptionInfo describes the encryption information of a cluster or a backup.", + "items": { + "properties": { + "encryptionType": { + "description": "Output only. Type of encryption.", + "type": "string" + }, + "kmsKeyVersions": { + "description": "Output only. Cloud KMS key versions that are being used to protect the database or the backup.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "migrationSource": { + "description": "Cluster created via DMS migration.", + "items": { + "properties": { + "hostPort": { + "description": "The host and port of the on-premises instance in host:port format.", + "type": "string" + }, + "referenceId": { + "description": "Place holder for the external source identifier(e.g DMS job name) that created the cluster.", + "type": "string" + }, + "sourceType": { + "description": "Type of migration source.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The name of the cluster resource.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "uid": { + "description": "The system-generated UID of the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbinstance_v1alpha1.json b/alloydb.cnrm.cloud.google.com/alloydbinstance_v1alpha1.json new file mode 100644 index 00000000..8e6c63b1 --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbinstance_v1alpha1.json @@ -0,0 +1,202 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.", + "type": "object" + }, + "availabilityType": { + "description": "'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"].", + "type": "string" + }, + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "databaseFlags": { + "additionalProperties": { + "type": "string" + }, + "description": "Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.", + "type": "object" + }, + "displayName": { + "description": "User-settable and human-readable display name for the Instance.", + "type": "string" + }, + "gceZone": { + "description": "The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.", + "type": "string" + }, + "instanceType": { + "description": "Immutable. The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the 'depends_on' meta-data attribute. Possible values: [\"PRIMARY\", \"READ_POOL\"].", + "type": "string" + }, + "machineConfig": { + "description": "Configurations for the machines that host the underlying database engine.", + "properties": { + "cpuCount": { + "description": "The number of CPU's in the VM instance.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "readPoolConfig": { + "description": "Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.", + "properties": { + "nodeCount": { + "description": "Read capacity, i.e. number of nodes in a read pool instance.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "clusterRef", + "instanceType" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time the Instance was created in UTC.", + "type": "string" + }, + "ipAddress": { + "description": "The IP address for the Instance. This is the connection endpoint for an end-user application.", + "type": "string" + }, + "name": { + "description": "The name of the instance resource.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.", + "type": "boolean" + }, + "state": { + "description": "The current state of the alloydb instance.", + "type": "string" + }, + "uid": { + "description": "The system-generated UID of the resource.", + "type": "string" + }, + "updateTime": { + "description": "Time the Instance was updated in UTC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbinstance_v1beta1.json b/alloydb.cnrm.cloud.google.com/alloydbinstance_v1beta1.json new file mode 100644 index 00000000..8e6c63b1 --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbinstance_v1beta1.json @@ -0,0 +1,202 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.", + "type": "object" + }, + "availabilityType": { + "description": "'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"].", + "type": "string" + }, + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "databaseFlags": { + "additionalProperties": { + "type": "string" + }, + "description": "Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.", + "type": "object" + }, + "displayName": { + "description": "User-settable and human-readable display name for the Instance.", + "type": "string" + }, + "gceZone": { + "description": "The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.", + "type": "string" + }, + "instanceType": { + "description": "Immutable. The type of the instance. If the instance type is READ_POOL, provide the associated PRIMARY instance in the 'depends_on' meta-data attribute. Possible values: [\"PRIMARY\", \"READ_POOL\"].", + "type": "string" + }, + "machineConfig": { + "description": "Configurations for the machines that host the underlying database engine.", + "properties": { + "cpuCount": { + "description": "The number of CPU's in the VM instance.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "readPoolConfig": { + "description": "Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.", + "properties": { + "nodeCount": { + "description": "Read capacity, i.e. number of nodes in a read pool instance.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "clusterRef", + "instanceType" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time the Instance was created in UTC.", + "type": "string" + }, + "ipAddress": { + "description": "The IP address for the Instance. This is the connection endpoint for an end-user application.", + "type": "string" + }, + "name": { + "description": "The name of the instance resource.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.", + "type": "boolean" + }, + "state": { + "description": "The current state of the alloydb instance.", + "type": "string" + }, + "uid": { + "description": "The system-generated UID of the resource.", + "type": "string" + }, + "updateTime": { + "description": "Time the Instance was updated in UTC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/alloydb.cnrm.cloud.google.com/alloydbuser_v1beta1.json b/alloydb.cnrm.cloud.google.com/alloydbuser_v1beta1.json new file mode 100644 index 00000000..9d11d293 --- /dev/null +++ b/alloydb.cnrm.cloud.google.com/alloydbuser_v1beta1.json @@ -0,0 +1,196 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `AlloyDBCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "databaseRoles": { + "description": "List of database roles this database user has.", + "items": { + "type": "string" + }, + "type": "array" + }, + "password": { + "description": "Password for this database user.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The userId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "userType": { + "description": "Immutable. The type of this user. Possible values: [\"ALLOYDB_BUILT_IN\", \"ALLOYDB_IAM_USER\"].", + "type": "string" + } + }, + "required": [ + "clusterRef", + "userType" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/apigee.cnrm.cloud.google.com/apigeeenvironment_v1beta1.json b/apigee.cnrm.cloud.google.com/apigeeenvironment_v1beta1.json new file mode 100644 index 00000000..9927ffbc --- /dev/null +++ b/apigee.cnrm.cloud.google.com/apigeeenvironment_v1beta1.json @@ -0,0 +1,152 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "apigeeOrganizationRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The apigee organization for the resource\n\nAllowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Optional. Description of the environment.", + "type": "string" + }, + "displayName": { + "description": "Optional. Display name for this environment.", + "type": "string" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Key-value pairs that may be used for customizing the environment.", + "type": "object" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "additionalProperties": false + }, + "required": [ + "apigeeOrganizationRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createdAt": { + "description": "Output only. Creation time of this environment as milliseconds since epoch.", + "format": "int64", + "type": "integer" + }, + "lastModifiedAt": { + "description": "Output only. Last modification time of this environment as milliseconds since epoch.", + "format": "int64", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. State of the environment. Values other than ACTIVE means the resource is not ready to use. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/apigee.cnrm.cloud.google.com/apigeeorganization_v1beta1.json b/apigee.cnrm.cloud.google.com/apigeeorganization_v1beta1.json new file mode 100644 index 00000000..7414cdc8 --- /dev/null +++ b/apigee.cnrm.cloud.google.com/apigeeorganization_v1beta1.json @@ -0,0 +1,317 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "addonsConfig": { + "description": "Addon configurations of the Apigee organization.", + "properties": { + "advancedApiOpsConfig": { + "description": "Configuration for the Advanced API Ops add-on.", + "properties": { + "enabled": { + "description": "Flag that specifies whether the Advanced API Ops add-on is enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "monetizationConfig": { + "description": "Configuration for the Monetization add-on.", + "properties": { + "enabled": { + "description": "Flag that specifies whether the Monetization add-on is enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "analyticsRegion": { + "description": "Immutable. Required. Primary GCP region for analytics data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).", + "type": "string" + }, + "authorizedNetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid.\n\nAllowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Description of the Apigee organization.", + "type": "string" + }, + "displayName": { + "description": "Display name for the Apigee organization.", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Properties defined in the Apigee organization profile.", + "type": "object" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "runtimeDatabaseEncryptionKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: \"projects/foo/locations/us/keyRings/bar/cryptoKeys/baz\". **Note:** Not supported for Apigee hybrid.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "runtimeType": { + "description": "Immutable. Required. Runtime type of the Apigee organization based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, CLOUD, HYBRID", + "type": "string" + }, + "additionalProperties": false + }, + "required": [ + "analyticsRegion", + "projectRef", + "runtimeType" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "billingType": { + "description": "Output only. Billing type of the Apigee organization. See (https://cloud.google.com/apigee/pricing). Possible values: BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION", + "type": "string" + }, + "caCertificate": { + "description": "Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when (#RuntimeType) is `CLOUD`.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createdAt": { + "description": "Output only. Time that the Apigee organization was created in milliseconds since epoch.", + "format": "int64", + "type": "integer" + }, + "environments": { + "description": "Output only. List of environments in the Apigee organization.", + "items": { + "type": "string" + }, + "type": "array" + }, + "expiresAt": { + "description": "Output only. Time that the Apigee organization is scheduled for deletion.", + "format": "int64", + "type": "integer" + }, + "lastModifiedAt": { + "description": "Output only. Time that the Apigee organization was last modified in milliseconds since epoch.", + "format": "int64", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "projectId": { + "description": "Output only. Project ID associated with the Apigee organization.", + "type": "string" + }, + "state": { + "description": "Output only. State of the organization. Values other than ACTIVE means the resource is not ready to use. Possible values: SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, OK_EXTERNAL, DELETED", + "type": "string" + }, + "subscriptionType": { + "description": "Output only. DEPRECATED: This will eventually be replaced by BillingType. Subscription type of the Apigee organization. Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/artifactregistry.cnrm.cloud.google.com/artifactregistryrepository_v1beta1.json b/artifactregistry.cnrm.cloud.google.com/artifactregistryrepository_v1beta1.json new file mode 100644 index 00000000..55a60913 --- /dev/null +++ b/artifactregistry.cnrm.cloud.google.com/artifactregistryrepository_v1beta1.json @@ -0,0 +1,389 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "cleanupPolicies": { + "description": "Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.", + "items": { + "properties": { + "action": { + "description": "Policy action. Possible values: [\"DELETE\", \"KEEP\"].", + "type": "string" + }, + "condition": { + "description": "Policy condition for matching versions.", + "properties": { + "newerThan": { + "description": "Match versions newer than a duration.", + "type": "string" + }, + "olderThan": { + "description": "Match versions older than a duration.", + "type": "string" + }, + "packageNamePrefixes": { + "description": "Match versions by package prefix. Applied on any prefix match.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tagPrefixes": { + "description": "Match versions by tag prefix. Applied on any prefix match.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tagState": { + "description": "Match versions by tag status. Default value: \"ANY\" Possible values: [\"TAGGED\", \"UNTAGGED\", \"ANY\"].", + "type": "string" + }, + "versionNamePrefixes": { + "description": "Match versions by version name prefix. Applied on any prefix match.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "id": { + "type": "string" + }, + "mostRecentVersions": { + "description": "Policy condition for retaining a minimum number of versions. May only be\nspecified with a Keep action.", + "properties": { + "keepCount": { + "description": "Minimum number of versions to keep.", + "type": "integer" + }, + "packageNamePrefixes": { + "description": "Match versions by package prefix. Applied on any prefix match.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "id" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "cleanupPolicyDryRun": { + "description": "If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.", + "type": "boolean" + }, + "description": { + "description": "The user-provided description of the repository.", + "type": "string" + }, + "dockerConfig": { + "description": "Docker repository config contains repository level configuration for the repositories of docker type.", + "properties": { + "immutableTags": { + "description": "The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "format": { + "description": "Immutable. The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).", + "type": "string" + }, + "kmsKeyRef": { + "description": "The customer managed encryption key that\u2019s used to encrypt the\ncontents of the Repository.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The name of the location this repository is located in.", + "type": "string" + }, + "mavenConfig": { + "description": "MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.", + "properties": { + "allowSnapshotOverwrites": { + "description": "Immutable. The repository with this flag will allow publishing the same\nsnapshot versions.", + "type": "boolean" + }, + "versionPolicy": { + "description": "Immutable. Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mode": { + "description": "Immutable. The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"].", + "type": "string" + }, + "remoteRepositoryConfig": { + "description": "Immutable. Configuration specific for a Remote Repository.", + "properties": { + "description": { + "description": "Immutable. The description of the remote source.", + "type": "string" + }, + "dockerRepository": { + "description": "Immutable. Specific settings for a Docker remote repository.", + "properties": { + "publicRepository": { + "description": "Immutable. Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mavenRepository": { + "description": "Immutable. Specific settings for a Maven remote repository.", + "properties": { + "publicRepository": { + "description": "Immutable. Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "npmRepository": { + "description": "Immutable. Specific settings for an Npm remote repository.", + "properties": { + "publicRepository": { + "description": "Immutable. Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "pythonRepository": { + "description": "Immutable. Specific settings for a Python remote repository.", + "properties": { + "publicRepository": { + "description": "Immutable. Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The repositoryId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "virtualRepositoryConfig": { + "description": "Configuration specific for a Virtual Repository.", + "properties": { + "upstreamPolicies": { + "description": "Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.", + "items": { + "properties": { + "id": { + "description": "The user-provided ID of the upstream policy.", + "type": "string" + }, + "priority": { + "description": "Entries with a greater priority value take precedence in the pull order.", + "type": "integer" + }, + "repositoryRef": { + "description": "A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repositories/repo1\".", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, where {{value}} is the `name` field of an `ArtifactRegistryRepository` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "format", + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the repository was created.", + "type": "string" + }, + "name": { + "description": "The name of the repository, for example:\n\"repo1\".", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "The time when the repository was last updated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/bigquery.cnrm.cloud.google.com/bigquerydataset_v1beta1.json b/bigquery.cnrm.cloud.google.com/bigquerydataset_v1beta1.json new file mode 100644 index 00000000..04d52b0e --- /dev/null +++ b/bigquery.cnrm.cloud.google.com/bigquerydataset_v1beta1.json @@ -0,0 +1,342 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "access": { + "description": "An array of objects that define dataset access for one or more entities.", + "items": { + "properties": { + "dataset": { + "description": "Grants all resources of particular types in a particular dataset read access to the current dataset.", + "properties": { + "dataset": { + "description": "The dataset this entry applies to.", + "properties": { + "datasetId": { + "description": "The ID of the dataset containing this table.", + "type": "string" + }, + "projectId": { + "description": "The ID of the project containing this table.", + "type": "string" + } + }, + "required": [ + "datasetId", + "projectId" + ], + "type": "object", + "additionalProperties": false + }, + "targetTypes": { + "description": "Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "dataset", + "targetTypes" + ], + "type": "object", + "additionalProperties": false + }, + "domain": { + "description": "A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access.", + "type": "string" + }, + "groupByEmail": { + "description": "An email address of a Google Group to grant access to.", + "type": "string" + }, + "role": { + "description": "Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).", + "type": "string" + }, + "routine": { + "description": "A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.", + "properties": { + "datasetId": { + "description": "The ID of the dataset containing this table.", + "type": "string" + }, + "projectId": { + "description": "The ID of the project containing this table.", + "type": "string" + }, + "routineId": { + "description": "The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.", + "type": "string" + } + }, + "required": [ + "datasetId", + "projectId", + "routineId" + ], + "type": "object", + "additionalProperties": false + }, + "specialGroup": { + "description": "A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.", + "type": "string" + }, + "userByEmail": { + "description": "An email address of a user to grant access to. For example:\nfred@example.com.", + "type": "string" + }, + "view": { + "description": "A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.", + "properties": { + "datasetId": { + "description": "The ID of the dataset containing this table.", + "type": "string" + }, + "projectId": { + "description": "The ID of the project containing this table.", + "type": "string" + }, + "tableId": { + "description": "The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.", + "type": "string" + } + }, + "required": [ + "datasetId", + "projectId", + "tableId" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "defaultCollation": { + "description": "Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.", + "type": "string" + }, + "defaultEncryptionConfiguration": { + "description": "The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.", + "properties": { + "kmsKeyRef": { + "description": "Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "defaultPartitionExpirationMs": { + "description": "The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.", + "type": "integer" + }, + "defaultTableExpirationMs": { + "description": "The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.", + "type": "integer" + }, + "description": { + "description": "A user-friendly description of the dataset.", + "type": "string" + }, + "friendlyName": { + "description": "A descriptive name for the dataset.", + "type": "string" + }, + "isCaseInsensitive": { + "description": "TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.", + "type": "boolean" + }, + "location": { + "description": "Immutable. The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.", + "type": "string" + }, + "maxTimeTravelHours": { + "description": "Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The datasetId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "storageBillingModel": { + "description": "Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTime": { + "description": "The time when this dataset was created, in milliseconds since the\nepoch.", + "type": "integer" + }, + "etag": { + "description": "A hash of the resource.", + "type": "string" + }, + "lastModifiedTime": { + "description": "The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/bigquery.cnrm.cloud.google.com/bigqueryjob_v1beta1.json b/bigquery.cnrm.cloud.google.com/bigqueryjob_v1beta1.json new file mode 100644 index 00000000..245d3f67 --- /dev/null +++ b/bigquery.cnrm.cloud.google.com/bigqueryjob_v1beta1.json @@ -0,0 +1,973 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "copy": { + "description": "Immutable. Copies a table.", + "properties": { + "createDisposition": { + "description": "Immutable. Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_NEVER\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"].", + "type": "string" + }, + "destinationEncryptionConfiguration": { + "description": "Immutable. Custom encryption configuration (e.g., Cloud KMS keys).", + "properties": { + "kmsKeyRef": { + "description": "Describes the Cloud KMS encryption key that will be used to protect\ndestination BigQuery table. The BigQuery Service Account associated\nwith your project requires access to this encryption key.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyVersion": { + "description": "Describes the Cloud KMS encryption key version used to protect destination BigQuery table.", + "type": "string" + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "destinationTable": { + "description": "Immutable. The destination table.", + "properties": { + "tableRef": { + "description": "A reference to the table.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `BigQueryTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "sourceTables": { + "description": "Immutable. Source tables to copy.", + "items": { + "properties": { + "tableRef": { + "description": "A reference to the table.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `BigQueryTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "writeDisposition": { + "description": "Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"].", + "type": "string" + } + }, + "required": [ + "sourceTables" + ], + "type": "object", + "additionalProperties": false + }, + "extract": { + "description": "Immutable. Configures an extract job.", + "properties": { + "compression": { + "description": "Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.", + "type": "string" + }, + "destinationFormat": { + "description": "Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.", + "type": "string" + }, + "destinationUris": { + "description": "Immutable. A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fieldDelimiter": { + "description": "Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','.", + "type": "string" + }, + "printHeader": { + "description": "Immutable. Whether to print out a header row in the results. Default is true.", + "type": "boolean" + }, + "sourceTable": { + "description": "Immutable. A reference to the table being exported.", + "properties": { + "tableRef": { + "description": "A reference to the table.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `BigQueryTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "useAvroLogicalTypes": { + "description": "Immutable. Whether to use logical types when extracting to AVRO format.", + "type": "boolean" + } + }, + "required": [ + "destinationUris" + ], + "type": "object", + "additionalProperties": false + }, + "jobTimeoutMs": { + "description": "Immutable. Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.", + "type": "string" + }, + "load": { + "description": "Immutable. Configures a load job.", + "properties": { + "allowJaggedRows": { + "description": "Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.", + "type": "boolean" + }, + "allowQuotedNewlines": { + "description": "Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.", + "type": "boolean" + }, + "autodetect": { + "description": "Immutable. Indicates if we should automatically infer the options and schema for CSV and JSON sources.", + "type": "boolean" + }, + "createDisposition": { + "description": "Immutable. Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_NEVER\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"].", + "type": "string" + }, + "destinationEncryptionConfiguration": { + "description": "Immutable. Custom encryption configuration (e.g., Cloud KMS keys).", + "properties": { + "kmsKeyRef": { + "description": "Describes the Cloud KMS encryption key that will be used to protect\ndestination BigQuery table. The BigQuery Service Account associated\nwith your project requires access to this encryption key.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyVersion": { + "description": "Describes the Cloud KMS encryption key version used to protect destination BigQuery table.", + "type": "string" + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "destinationTable": { + "description": "Immutable. The destination table to load the data into.", + "properties": { + "tableRef": { + "description": "A reference to the table.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `BigQueryTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "encoding": { + "description": "Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.", + "type": "string" + }, + "fieldDelimiter": { + "description": "Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').", + "type": "string" + }, + "ignoreUnknownValues": { + "description": "Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names.", + "type": "boolean" + }, + "jsonExtension": { + "description": "Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.", + "type": "string" + }, + "maxBadRecords": { + "description": "Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.", + "type": "integer" + }, + "nullMarker": { + "description": "Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.", + "type": "string" + }, + "parquetOptions": { + "description": "Immutable. Parquet Options for load and make external tables.", + "properties": { + "enableListInference": { + "description": "Immutable. If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.", + "type": "boolean" + }, + "enumAsString": { + "description": "Immutable. If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectionFields": { + "description": "Immutable. If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.", + "items": { + "type": "string" + }, + "type": "array" + }, + "quote": { + "description": "Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.", + "type": "string" + }, + "schemaUpdateOptions": { + "description": "Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.", + "items": { + "type": "string" + }, + "type": "array" + }, + "skipLeadingRows": { + "description": "Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.", + "type": "integer" + }, + "sourceFormat": { + "description": "Immutable. The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.", + "type": "string" + }, + "sourceUris": { + "description": "Immutable. The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.", + "items": { + "type": "string" + }, + "type": "array" + }, + "timePartitioning": { + "description": "Immutable. Time-based partitioning specification for the destination table.", + "properties": { + "expirationMs": { + "description": "Immutable. Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.", + "type": "string" + }, + "field": { + "description": "Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.", + "type": "string" + }, + "type": { + "description": "Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "writeDisposition": { + "description": "Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"].", + "type": "string" + } + }, + "required": [ + "destinationTable", + "sourceUris" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The geographic location of the job. The default value is US.", + "type": "string" + }, + "query": { + "description": "Immutable. Configures a query job.", + "properties": { + "allowLargeResults": { + "description": "Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.", + "type": "boolean" + }, + "createDisposition": { + "description": "Immutable. Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_NEVER\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"].", + "type": "string" + }, + "defaultDataset": { + "description": "Immutable. Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.", + "properties": { + "datasetRef": { + "description": "A reference to the dataset.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `BigQueryDataset` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "datasetRef" + ], + "type": "object", + "additionalProperties": false + }, + "destinationEncryptionConfiguration": { + "description": "Immutable. Custom encryption configuration (e.g., Cloud KMS keys).", + "properties": { + "kmsKeyRef": { + "description": "Describes the Cloud KMS encryption key that will be used to protect\ndestination BigQuery table. The BigQuery Service Account associated\nwith your project requires access to this encryption key.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyVersion": { + "description": "Describes the Cloud KMS encryption key version used to protect destination BigQuery table.", + "type": "string" + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "destinationTable": { + "description": "Immutable. Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.", + "properties": { + "tableRef": { + "description": "A reference to the table.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `BigQueryTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "flattenResults": { + "description": "Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.", + "type": "boolean" + }, + "maximumBillingTier": { + "description": "Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.", + "type": "integer" + }, + "maximumBytesBilled": { + "description": "Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.", + "type": "string" + }, + "parameterMode": { + "description": "Immutable. Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.", + "type": "string" + }, + "priority": { + "description": "Immutable. Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"].", + "type": "string" + }, + "query": { + "description": "Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.", + "type": "string" + }, + "schemaUpdateOptions": { + "description": "Immutable. Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.", + "items": { + "type": "string" + }, + "type": "array" + }, + "scriptOptions": { + "description": "Immutable. Options controlling the execution of scripts.", + "properties": { + "keyResultStatement": { + "description": "Immutable. Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"].", + "type": "string" + }, + "statementByteBudget": { + "description": "Immutable. Limit on the number of bytes billed per statement. Exceeding this budget results in an error.", + "type": "string" + }, + "statementTimeoutMs": { + "description": "Immutable. Timeout period for each statement in a script.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "useLegacySql": { + "description": "Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.", + "type": "boolean" + }, + "useQueryCache": { + "description": "Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.", + "type": "boolean" + }, + "userDefinedFunctionResources": { + "description": "Immutable. Describes user-defined function resources used in the query.", + "items": { + "properties": { + "inlineCode": { + "description": "Immutable. An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.", + "type": "string" + }, + "resourceUri": { + "description": "Immutable. A code resource to load from a Google Cloud Storage URI (gs://bucket/path).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "writeDisposition": { + "description": "Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"].", + "type": "string" + } + }, + "required": [ + "query" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The jobId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "jobType": { + "description": "The type of the job.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "status": { + "description": "The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.", + "items": { + "properties": { + "errorResult": { + "description": "Final error result of the job. If present, indicates that the job has completed and was unsuccessful.", + "items": { + "properties": { + "location": { + "description": "Specifies where the error occurred, if present.", + "type": "string" + }, + "message": { + "description": "A human-readable description of the error.", + "type": "string" + }, + "reason": { + "description": "A short error code that summarizes the error.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "errors": { + "description": "The first errors encountered during the running of the job. The final message\nincludes the number of errors that caused the process to stop. Errors here do\nnot necessarily mean that the job has not completed or was unsuccessful.", + "items": { + "properties": { + "location": { + "description": "Specifies where the error occurred, if present.", + "type": "string" + }, + "message": { + "description": "A human-readable description of the error.", + "type": "string" + }, + "reason": { + "description": "A short error code that summarizes the error.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "state": { + "description": "Running state of the job. Valid states include 'PENDING', 'RUNNING', and 'DONE'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "userEmail": { + "description": "Email address of the user who ran the job.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/bigquery.cnrm.cloud.google.com/bigqueryroutine_v1beta1.json b/bigquery.cnrm.cloud.google.com/bigqueryroutine_v1beta1.json new file mode 100644 index 00000000..b7fb39e8 --- /dev/null +++ b/bigquery.cnrm.cloud.google.com/bigqueryroutine_v1beta1.json @@ -0,0 +1,243 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "arguments": { + "description": "Input/output argument of a function or a stored procedure.", + "items": { + "properties": { + "argumentKind": { + "description": "Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"].", + "type": "string" + }, + "dataType": { + "description": "A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~>**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.", + "type": "string" + }, + "mode": { + "description": "Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"].", + "type": "string" + }, + "name": { + "description": "The name of this argument. Can be absent for function return argument.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "datasetRef": { + "description": "The ID of the dataset containing this routine.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BigQueryDataset` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "definitionBody": { + "description": "The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.", + "type": "string" + }, + "description": { + "description": "The description of the routine if defined.", + "type": "string" + }, + "determinismLevel": { + "description": "The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"].", + "type": "string" + }, + "importedLibraries": { + "description": "Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.", + "items": { + "type": "string" + }, + "type": "array" + }, + "language": { + "description": "The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\"].", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The routineId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "returnTableType": { + "description": "Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.", + "type": "string" + }, + "returnType": { + "description": "A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~>**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.", + "type": "string" + }, + "routineType": { + "description": "Immutable. The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"].", + "type": "string" + } + }, + "required": [ + "datasetRef", + "definitionBody", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTime": { + "description": "The time when this routine was created, in milliseconds since the\nepoch.", + "type": "integer" + }, + "lastModifiedTime": { + "description": "The time when this routine was modified, in milliseconds since the\nepoch.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/bigquery.cnrm.cloud.google.com/bigquerytable_v1beta1.json b/bigquery.cnrm.cloud.google.com/bigquerytable_v1beta1.json new file mode 100644 index 00000000..ac191204 --- /dev/null +++ b/bigquery.cnrm.cloud.google.com/bigquerytable_v1beta1.json @@ -0,0 +1,610 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clustering": { + "description": "Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.", + "items": { + "type": "string" + }, + "type": "array" + }, + "datasetRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BigQueryDataset` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "The field description.", + "type": "string" + }, + "encryptionConfiguration": { + "description": "Immutable. Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.", + "properties": { + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyVersion": { + "description": "The self link or full name of the kms key version used to encrypt this table.", + "type": "string" + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "expirationTime": { + "description": "The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.", + "type": "integer" + }, + "externalDataConfiguration": { + "description": "Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.", + "properties": { + "autodetect": { + "description": "Let BigQuery try to autodetect the schema and format of the table.", + "type": "boolean" + }, + "avroOptions": { + "description": "Additional options if source_format is set to \"AVRO\".", + "properties": { + "useAvroLogicalTypes": { + "description": "If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).", + "type": "boolean" + } + }, + "required": [ + "useAvroLogicalTypes" + ], + "type": "object", + "additionalProperties": false + }, + "compression": { + "description": "The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".", + "type": "string" + }, + "connectionId": { + "description": "The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"{{project}}.{{location}}.{{connection_id}}\" or \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\".", + "type": "string" + }, + "csvOptions": { + "description": "Additional properties to set if source_format is set to \"CSV\".", + "properties": { + "allowJaggedRows": { + "description": "Indicates if BigQuery should accept rows that are missing trailing optional columns.", + "type": "boolean" + }, + "allowQuotedNewlines": { + "description": "Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.", + "type": "boolean" + }, + "encoding": { + "description": "The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.", + "type": "string" + }, + "fieldDelimiter": { + "description": "The separator for fields in a CSV file.", + "type": "string" + }, + "quote": { + "type": "string" + }, + "skipLeadingRows": { + "description": "The number of rows at the top of a CSV file that BigQuery will skip when reading the data.", + "type": "integer" + } + }, + "required": [ + "quote" + ], + "type": "object", + "additionalProperties": false + }, + "fileSetSpecType": { + "description": "Specifies how source URIs are interpreted for constructing the file set to load. By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems.", + "type": "string" + }, + "googleSheetsOptions": { + "description": "Additional options if source_format is set to \"GOOGLE_SHEETS\".", + "properties": { + "range": { + "description": "Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20\".", + "type": "string" + }, + "skipLeadingRows": { + "description": "The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "hivePartitioningOptions": { + "description": "When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.", + "properties": { + "mode": { + "description": "When set, what mode of hive partitioning to use when reading data.", + "type": "string" + }, + "requirePartitionFilter": { + "description": "If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.", + "type": "boolean" + }, + "sourceUriPrefix": { + "description": "When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ignoreUnknownValues": { + "description": "Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.", + "type": "boolean" + }, + "jsonOptions": { + "description": "Additional properties to set if sourceFormat is set to JSON.\".", + "properties": { + "encoding": { + "description": "The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxBadRecords": { + "description": "The maximum number of bad records that BigQuery can ignore when reading data.", + "type": "integer" + }, + "metadataCacheMode": { + "description": "Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.", + "type": "string" + }, + "objectMetadata": { + "description": "Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.", + "type": "string" + }, + "parquetOptions": { + "description": "Additional properties to set if sourceFormat is set to PARQUET.\".", + "properties": { + "enableListInference": { + "description": "Indicates whether to use schema inference specifically for Parquet LIST logical type.", + "type": "boolean" + }, + "enumAsString": { + "description": "Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "referenceFileSchemaUri": { + "description": "When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.", + "type": "string" + }, + "schema": { + "description": "Immutable. A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.", + "type": "string" + }, + "sourceFormat": { + "description": " Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".", + "type": "string" + }, + "sourceUris": { + "description": "A list of the fully-qualified URIs that point to your data in Google Cloud.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "autodetect", + "sourceUris" + ], + "type": "object", + "additionalProperties": false + }, + "friendlyName": { + "description": "A descriptive name for the table.", + "type": "string" + }, + "materializedView": { + "description": "If specified, configures this table as a materialized view.", + "properties": { + "allowNonIncrementalDefinition": { + "description": "Immutable. Allow non incremental materialized view definition. The default value is false.", + "type": "boolean" + }, + "enableRefresh": { + "description": "Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.", + "type": "boolean" + }, + "query": { + "description": "Immutable. A query whose result is persisted.", + "type": "string" + }, + "refreshIntervalMs": { + "description": "Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000.", + "type": "integer" + } + }, + "required": [ + "query" + ], + "type": "object", + "additionalProperties": false + }, + "maxStaleness": { + "description": "The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of sql IntervalValue type.", + "type": "string" + }, + "rangePartitioning": { + "description": "If specified, configures range-based partitioning for this table.", + "properties": { + "field": { + "description": "Immutable. The field used to determine how to create a range-based partition.", + "type": "string" + }, + "range": { + "description": "Information required to partition based on ranges. Structure is documented below.", + "properties": { + "end": { + "description": "End of the range partitioning, exclusive.", + "type": "integer" + }, + "interval": { + "description": "The width of each range within the partition.", + "type": "integer" + }, + "start": { + "description": "Start of the range partitioning, inclusive.", + "type": "integer" + } + }, + "required": [ + "end", + "interval", + "start" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "field", + "range" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The tableId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "schema": { + "description": "A JSON schema for the table.", + "type": "string" + }, + "tableConstraints": { + "description": "Defines the primary key and foreign keys.", + "properties": { + "foreignKeys": { + "description": "Present only if the table has a foreign key. The foreign key is not enforced.", + "items": { + "properties": { + "columnReferences": { + "description": "The pair of the foreign key column and primary key column.", + "properties": { + "referencedColumn": { + "description": "The column in the primary key that are referenced by the referencingColumn.", + "type": "string" + }, + "referencingColumn": { + "description": "The column that composes the foreign key.", + "type": "string" + } + }, + "required": [ + "referencedColumn", + "referencingColumn" + ], + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Set only if the foreign key constraint is named.", + "type": "string" + }, + "referencedTable": { + "description": "The table that holds the primary key and is referenced by this foreign key.", + "properties": { + "datasetId": { + "description": "The ID of the dataset containing this table.", + "type": "string" + }, + "projectId": { + "description": "The ID of the project containing this table.", + "type": "string" + }, + "tableId": { + "description": "The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as sample_table$20190123.", + "type": "string" + } + }, + "required": [ + "datasetId", + "projectId", + "tableId" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "columnReferences", + "referencedTable" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "primaryKey": { + "description": "Represents a primary key constraint on a table's columns. Present only if the table has a primary key. The primary key is not enforced.", + "properties": { + "columns": { + "description": "The columns that are composed of the primary key constraint.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "columns" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timePartitioning": { + "description": "If specified, configures time-based partitioning for this table.", + "properties": { + "expirationMs": { + "description": "Number of milliseconds for which to keep the storage for a partition.", + "type": "integer" + }, + "field": { + "description": "Immutable. The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.", + "type": "string" + }, + "requirePartitionFilter": { + "description": "If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.", + "type": "boolean" + }, + "type": { + "description": "The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "view": { + "description": "If specified, configures this table as a view.", + "properties": { + "query": { + "description": "A query that BigQuery executes when the view is referenced.", + "type": "string" + }, + "useLegacySql": { + "description": "Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL.", + "type": "boolean" + } + }, + "required": [ + "query" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "datasetRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTime": { + "description": "The time when this table was created, in milliseconds since the epoch.", + "type": "integer" + }, + "etag": { + "description": "A hash of the resource.", + "type": "string" + }, + "lastModifiedTime": { + "description": "The time when this table was last modified, in milliseconds since the epoch.", + "type": "integer" + }, + "location": { + "description": "The geographic location where the table resides. This value is inherited from the dataset.", + "type": "string" + }, + "numBytes": { + "description": "The geographic location where the table resides. This value is inherited from the dataset.", + "type": "integer" + }, + "numLongTermBytes": { + "description": "The number of bytes in the table that are considered \"long-term storage\".", + "type": "integer" + }, + "numRows": { + "description": "The number of rows of data in this table, excluding any data in the streaming buffer.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + }, + "type": { + "description": "Describes the table type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/bigtable.cnrm.cloud.google.com/bigtableappprofile_v1beta1.json b/bigtable.cnrm.cloud.google.com/bigtableappprofile_v1beta1.json new file mode 100644 index 00000000..1feb2b92 --- /dev/null +++ b/bigtable.cnrm.cloud.google.com/bigtableappprofile_v1beta1.json @@ -0,0 +1,167 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Long form description of the use case for this app profile.", + "type": "string" + }, + "instanceRef": { + "description": "The instance to create the app profile within.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BigtableInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "multiClusterRoutingClusterIds": { + "description": "The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.", + "items": { + "type": "string" + }, + "type": "array" + }, + "multiClusterRoutingUseAny": { + "description": "If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.", + "type": "boolean" + }, + "resourceID": { + "description": "Immutable. Optional. The appProfileId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "singleClusterRouting": { + "description": "Use a single-cluster routing policy.", + "properties": { + "allowTransactionalWrites": { + "description": "If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.", + "type": "boolean" + }, + "clusterId": { + "description": "The cluster to which read/write requests should be routed.", + "type": "string" + } + }, + "required": [ + "clusterId" + ], + "type": "object", + "additionalProperties": false + }, + "standardIsolation": { + "description": "The standard options used for isolating this app profile's traffic from other use cases.", + "properties": { + "priority": { + "description": "The priority of requests sent using this app profile. Possible values: [\"PRIORITY_LOW\", \"PRIORITY_MEDIUM\", \"PRIORITY_HIGH\"].", + "type": "string" + } + }, + "required": [ + "priority" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The unique name of the requested app profile. Values are of the form 'projects//instances//appProfiles/'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/bigtable.cnrm.cloud.google.com/bigtablegcpolicy_v1beta1.json b/bigtable.cnrm.cloud.google.com/bigtablegcpolicy_v1beta1.json new file mode 100644 index 00000000..ef38e195 --- /dev/null +++ b/bigtable.cnrm.cloud.google.com/bigtablegcpolicy_v1beta1.json @@ -0,0 +1,221 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "columnFamily": { + "description": "Immutable. The name of the column family.", + "type": "string" + }, + "deletionPolicy": { + "description": "The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".", + "type": "string" + }, + "gcRules": { + "description": "Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".", + "type": "string" + }, + "instanceRef": { + "description": "The name of the Bigtable instance.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BigtableInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxAge": { + "description": "Immutable. NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.", + "items": { + "properties": { + "days": { + "description": "DEPRECATED. Deprecated in favor of duration. Immutable. Number of days before applying GC policy.", + "type": "integer" + }, + "duration": { + "description": "Immutable. Duration before applying GC policy.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maxVersion": { + "description": "Immutable. NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.", + "items": { + "properties": { + "number": { + "description": "Immutable. Number of version before applying the GC policy.", + "type": "integer" + } + }, + "required": [ + "number" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "mode": { + "description": "Immutable. NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.", + "type": "string" + }, + "tableRef": { + "description": "The name of the table.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BigtableTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "columnFamily", + "instanceRef", + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/bigtable.cnrm.cloud.google.com/bigtableinstance_v1beta1.json b/bigtable.cnrm.cloud.google.com/bigtableinstance_v1beta1.json new file mode 100644 index 00000000..61fa70be --- /dev/null +++ b/bigtable.cnrm.cloud.google.com/bigtableinstance_v1beta1.json @@ -0,0 +1,186 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "cluster": { + "description": "A block of cluster configuration options. This can be specified at least once.", + "items": { + "properties": { + "autoscalingConfig": { + "description": "A list of Autoscaling configurations. Only one element is used and allowed.", + "properties": { + "cpuTarget": { + "description": "The target CPU utilization for autoscaling. Value must be between 10 and 80.", + "type": "integer" + }, + "maxNodes": { + "description": "The maximum number of nodes for autoscaling.", + "type": "integer" + }, + "minNodes": { + "description": "The minimum number of nodes for autoscaling.", + "type": "integer" + }, + "storageTarget": { + "description": "The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.", + "type": "integer" + } + }, + "required": [ + "cpuTarget", + "maxNodes", + "minNodes" + ], + "type": "object", + "additionalProperties": false + }, + "clusterId": { + "description": "The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.", + "type": "string" + }, + "kmsKeyRef": { + "description": "Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable\ncluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains\nthis cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key.\n2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster.\n3) All clusters within an instance must use the same CMEK key access to this encryption key.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "numNodes": { + "description": "The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.", + "type": "integer" + }, + "storageType": { + "description": "The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".", + "type": "string" + }, + "zone": { + "description": "The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.", + "type": "string" + } + }, + "required": [ + "clusterId", + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "deletionProtection": { + "description": "DEPRECATED. This field no longer serves any function and is intended to be dropped in a later version of the resource.", + "type": "boolean" + }, + "displayName": { + "description": "The human-readable display name of the Bigtable instance. Defaults to the instance name.", + "type": "string" + }, + "instanceType": { + "description": "DEPRECATED. It is recommended to leave this field unspecified since the distinction between \"DEVELOPMENT\" and \"PRODUCTION\" instances is going away, and all instances will become \"PRODUCTION\" instances. This means that new and existing \"DEVELOPMENT\" instances will be converted to \"PRODUCTION\" instances. It is recommended for users to use \"PRODUCTION\" instances in any case, since a 1-node \"PRODUCTION\" instance is functionally identical to a \"DEVELOPMENT\" instance, but without the accompanying restrictions. The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/bigtable.cnrm.cloud.google.com/bigtabletable_v1beta1.json b/bigtable.cnrm.cloud.google.com/bigtabletable_v1beta1.json new file mode 100644 index 00000000..eb79ad32 --- /dev/null +++ b/bigtable.cnrm.cloud.google.com/bigtabletable_v1beta1.json @@ -0,0 +1,153 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "changeStreamRetention": { + "description": "Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.", + "type": "string" + }, + "columnFamily": { + "description": "A group of columns within a table which share a common configuration. This can be specified multiple times.", + "items": { + "properties": { + "family": { + "description": "The name of the column family.", + "type": "string" + } + }, + "required": [ + "family" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "deletionProtection": { + "description": "A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.", + "type": "string" + }, + "instanceRef": { + "description": "The name of the Bigtable instance.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BigtableInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "splitKeys": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "instanceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/billingbudgets.cnrm.cloud.google.com/billingbudgetsbudget_v1beta1.json b/billingbudgets.cnrm.cloud.google.com/billingbudgetsbudget_v1beta1.json new file mode 100644 index 00000000..b04dd21d --- /dev/null +++ b/billingbudgets.cnrm.cloud.google.com/billingbudgetsbudget_v1beta1.json @@ -0,0 +1,505 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "allUpdatesRule": { + "description": "Optional. Rules to apply to notifications sent based on budget spend and thresholds.", + "properties": { + "disableDefaultIamRecipients": { + "description": "Optional. When set to true, disables default notifications sent when a threshold is exceeded. Default notifications are sent to those with Billing Account Administrator and Billing Account User IAM roles for the target account.", + "type": "boolean" + }, + "monitoringNotificationChannels": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `MonitoringNotificationChannel` resource (format: `projects/{{project}}/notificationChannels/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "pubsubTopicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions.\n\nAllowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "schemaVersion": { + "description": "Optional. Required when NotificationsRule.pubsub_topic is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. Only \"1.0\" is accepted. It represents the JSON schema as defined in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "amount": { + "description": "Required. Budgeted amount.", + "properties": { + "lastPeriodAmount": { + "description": "Use the last period's actual spend as the budget for the present period. LastPeriodAmount can only be set when the budget's time period is a .", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "specifiedAmount": { + "description": "A specified amount to use as the budget. `currency_code` is optional. If specified when creating a budget, it must match the currency of the billing account. If specified when updating a budget, it must match the currency_code of the existing budget. The `currency_code` is provided on output.", + "properties": { + "currencyCode": { + "description": "Immutable. The three-letter currency code defined in ISO 4217.", + "type": "string" + }, + "nanos": { + "description": "Number of nano (10^-9) units of the amount. The value must be between -999,999,999 and +999,999,999 inclusive. If `units` is positive, `nanos` must be positive or zero. If `units` is zero, `nanos` can be positive, zero, or negative. If `units` is negative, `nanos` must be negative or zero. For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000.", + "format": "int64", + "type": "integer" + }, + "units": { + "description": "The whole units of the amount. For example if `currencyCode` is `\"USD\"`, then 1 unit is one US dollar.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "billingAccountRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The billing account of the resource\n\nAllowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "budgetFilter": { + "description": "Optional. Filters that define which resources are used to compute the actual spend against the budget amount, such as projects, services, and the budget's time period, as well as other filters.", + "properties": { + "calendarPeriod": { + "description": "Optional. Specifies to track usage for recurring calendar period. For example, assume that CalendarPeriod.QUARTER is set. The budget will track usage from April 1 to June 30, when the current calendar month is April, May, June. After that, it will track usage from July 1 to September 30 when the current calendar month is July, August, September, so on. Possible values: CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR", + "type": "string" + }, + "creditTypes": { + "description": "Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, this is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values. If Filter.credit_types_treatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.", + "items": { + "type": "string" + }, + "type": "array" + }, + "creditTypesTreatment": { + "description": "Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`.", + "type": "string" + }, + "customPeriod": { + "description": "Optional. Specifies to track usage from any start date (required) to any end date (optional). This time period is static, it does not recur.", + "properties": { + "endDate": { + "description": "Immutable. Optional. The end date of the time period. Budgets with elapsed end date won't be processed. If unset, specifies to track all usage incurred since the start_date.", + "properties": { + "day": { + "description": "Immutable. Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Immutable. Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Immutable. Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "startDate": { + "description": "Immutable. Required. The start date must be after January 1, 2017.", + "properties": { + "day": { + "description": "Immutable. Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Immutable. Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Immutable. Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "startDate" + ], + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "properties": { + "values": { + "description": "Immutable. The values of the label", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": "Optional. A single label and value pair specifying that usage from only this set of labeled resources should be included in the budget. Currently, multiple entries or multiple values per entry are not allowed. If omitted, the report will include all labeled and unlabeled usage.", + "type": "object" + }, + "projects": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "services": { + "description": "Optional. A set of services of the form `services/{service_id}`, specifying that usage from only this set of services should be included in the budget. If omitted, the report will include usage for all the services. The service names are available through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.", + "items": { + "type": "string" + }, + "type": "array" + }, + "subaccounts": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "type": "string" + }, + "name": { + "description": "[WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "User data for display name in UI. The name must be less than or equal to 60 characters.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "thresholdRules": { + "description": "Optional. Rules that trigger alerts (notifications of thresholds being crossed) when spend exceeds the specified percentages of the budget.", + "items": { + "properties": { + "spendBasis": { + "description": "Optional. The type of basis used to determine if spend has passed the threshold. Behavior defaults to CURRENT_SPEND if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, FORECASTED_SPEND", + "type": "string" + }, + "thresholdPercent": { + "description": "Required. Send an alert when this threshold is exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: non-negative number.", + "format": "double", + "type": "number" + } + }, + "required": [ + "thresholdPercent" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "amount", + "billingAccountRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "etag": { + "description": "Optional. Etag to validate that the object is unchanged for a read-modify-write operation. An empty etag will cause an update to overwrite other changes.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/binaryauthorization.cnrm.cloud.google.com/binaryauthorizationattestor_v1beta1.json b/binaryauthorization.cnrm.cloud.google.com/binaryauthorizationattestor_v1beta1.json new file mode 100644 index 00000000..35764ef9 --- /dev/null +++ b/binaryauthorization.cnrm.cloud.google.com/binaryauthorizationattestor_v1beta1.json @@ -0,0 +1,238 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "userOwnedDrydockNote": { + "description": "This specifies how an attestation will be read, and how it will be used during policy enforcement.", + "properties": { + "noteRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.\n\nAllowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "publicKeys": { + "description": "Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.", + "items": { + "properties": { + "asciiArmoredPgpPublicKey": { + "description": "ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.", + "type": "string" + }, + "comment": { + "description": "Optional. A descriptive comment. This field may be updated.", + "type": "string" + }, + "id": { + "description": "The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.", + "type": "string" + }, + "pkixPublicKey": { + "description": "A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.", + "properties": { + "publicKeyPem": { + "description": "A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13", + "type": "string" + }, + "signatureAlgorithm": { + "description": "The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "noteRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. Time when the attestor was last updated.", + "format": "date-time", + "type": "string" + }, + "userOwnedDrydockNote": { + "properties": { + "delegationServiceAccountEmail": { + "description": "Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/binaryauthorization.cnrm.cloud.google.com/binaryauthorizationpolicy_v1beta1.json b/binaryauthorization.cnrm.cloud.google.com/binaryauthorizationpolicy_v1beta1.json new file mode 100644 index 00000000..e491414c --- /dev/null +++ b/binaryauthorization.cnrm.cloud.google.com/binaryauthorizationpolicy_v1beta1.json @@ -0,0 +1,517 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "admissionWhitelistPatterns": { + "description": "Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.", + "items": { + "properties": { + "namePattern": { + "description": "An image name pattern to allowlist, in the form `registry/path/to/image`. This supports a trailing `*` as a wildcard, but this is allowed only in text after the `registry/` part.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "clusterAdmissionRules": { + "additionalProperties": { + "properties": { + "enforcementMode": { + "description": "Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY", + "type": "string" + }, + "evaluationMode": { + "description": "Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION", + "type": "string" + }, + "requireAttestationsBy": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "enforcementMode", + "evaluationMode" + ], + "type": "object", + "additionalProperties": false + }, + "description": "Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.", + "type": "object" + }, + "defaultAdmissionRule": { + "description": "Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule.", + "properties": { + "enforcementMode": { + "description": "Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY", + "type": "string" + }, + "evaluationMode": { + "description": "Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION", + "type": "string" + }, + "requireAttestationsBy": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "enforcementMode", + "evaluationMode" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Optional. A descriptive comment.", + "type": "string" + }, + "globalPolicyEvaluationMode": { + "description": "Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, ENABLE, DISABLE", + "type": "string" + }, + "istioServiceIdentityAdmissionRules": { + "additionalProperties": { + "properties": { + "enforcementMode": { + "description": "Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY", + "type": "string" + }, + "evaluationMode": { + "description": "Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION", + "type": "string" + }, + "requireAttestationsBy": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "enforcementMode", + "evaluationMode" + ], + "type": "object", + "additionalProperties": false + }, + "description": "Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default", + "type": "object" + }, + "kubernetesNamespaceAdmissionRules": { + "additionalProperties": { + "properties": { + "enforcementMode": { + "description": "Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY", + "type": "string" + }, + "evaluationMode": { + "description": "Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION", + "type": "string" + }, + "requireAttestationsBy": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "enforcementMode", + "evaluationMode" + ], + "type": "object", + "additionalProperties": false + }, + "description": "Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'", + "type": "object" + }, + "kubernetesServiceAccountAdmissionRules": { + "additionalProperties": { + "properties": { + "enforcementMode": { + "description": "Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY", + "type": "string" + }, + "evaluationMode": { + "description": "Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION", + "type": "string" + }, + "requireAttestationsBy": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "enforcementMode", + "evaluationMode" + ], + "type": "object", + "additionalProperties": false + }, + "description": "Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default'", + "type": "object" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project of the resource.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "defaultAdmissionRule", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project.", + "type": "string" + }, + "updateTime": { + "description": "Output only. Time when the policy was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1alpha1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1alpha1.json new file mode 100644 index 00000000..a74d2403 --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1alpha1.json @@ -0,0 +1,488 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "location": { + "description": "Immutable. The Certificate Manager location. If not specified, \"global\" is used.", + "type": "string" + }, + "managed": { + "description": "Immutable. Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.", + "properties": { + "authorizationAttemptInfo": { + "description": "Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.", + "items": { + "properties": { + "details": { + "description": "Human readable explanation for reaching the state. Provided to help\naddress the configuration issues.\nNot guaranteed to be stable. For programmatic access use 'failure_reason' field.", + "type": "string" + }, + "domain": { + "description": "Domain name of the authorization attempt.", + "type": "string" + }, + "failureReason": { + "description": "Reason for failure of the authorization attempt for the domain.", + "type": "string" + }, + "state": { + "description": "State of the domain for managed certificate issuance.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsAuthorizationsRefs": { + "items": { + "description": "Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specified, but not both.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "domains": { + "description": "Immutable. The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "issuanceConfigRef": { + "description": "Only the `external` field is supported to configure the reference.\n\nImmutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specified, but not both.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "provisioningIssue": { + "description": "Information about issues with provisioning this Managed Certificate.", + "items": { + "properties": { + "details": { + "description": "Human readable explanation about the issue. Provided to help address\nthe configuration issues.\nNot guaranteed to be stable. For programmatic access use 'reason' field.", + "type": "string" + }, + "reason": { + "description": "Reason for provisioning failures.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "state": { + "description": "A state of this Managed Certificate.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "scope": { + "description": "Immutable. The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,\nserved from non-core Google data centers.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nsee https://cloud.google.com/compute/docs/regions-zones.", + "type": "string" + }, + "selfManaged": { + "description": "Immutable. Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.", + "properties": { + "certificatePem": { + "description": "DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "pemCertificate": { + "description": "Immutable. The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.", + "type": "string" + }, + "pemPrivateKey": { + "description": "Immutable. The private key of the leaf certificate in PEM-encoded form.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "privateKeyPem": { + "description": "DEPRECATED. `private_key_pem` is deprecated. Use `pem_private_key` instead. Immutable. The private key of the leaf certificate in PEM-encoded form.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1beta1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1beta1.json new file mode 100644 index 00000000..a74d2403 --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificate_v1beta1.json @@ -0,0 +1,488 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "location": { + "description": "Immutable. The Certificate Manager location. If not specified, \"global\" is used.", + "type": "string" + }, + "managed": { + "description": "Immutable. Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.", + "properties": { + "authorizationAttemptInfo": { + "description": "Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.", + "items": { + "properties": { + "details": { + "description": "Human readable explanation for reaching the state. Provided to help\naddress the configuration issues.\nNot guaranteed to be stable. For programmatic access use 'failure_reason' field.", + "type": "string" + }, + "domain": { + "description": "Domain name of the authorization attempt.", + "type": "string" + }, + "failureReason": { + "description": "Reason for failure of the authorization attempt for the domain.", + "type": "string" + }, + "state": { + "description": "State of the domain for managed certificate issuance.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsAuthorizationsRefs": { + "items": { + "description": "Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specified, but not both.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/global/dnsAuthorizations/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerDNSAuthorization` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "domains": { + "description": "Immutable. The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "issuanceConfigRef": { + "description": "Only the `external` field is supported to configure the reference.\n\nImmutable. The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specified, but not both.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificateIssuanceConfigs/{{name}}`, where {{value}} is the `name` field of a `CertificateManagerCertificateIssuanceConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "provisioningIssue": { + "description": "Information about issues with provisioning this Managed Certificate.", + "items": { + "properties": { + "details": { + "description": "Human readable explanation about the issue. Provided to help address\nthe configuration issues.\nNot guaranteed to be stable. For programmatic access use 'reason' field.", + "type": "string" + }, + "reason": { + "description": "Reason for provisioning failures.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "state": { + "description": "A state of this Managed Certificate.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "scope": { + "description": "Immutable. The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates,\nserved from non-core Google data centers.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nsee https://cloud.google.com/compute/docs/regions-zones.", + "type": "string" + }, + "selfManaged": { + "description": "Immutable. Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.", + "properties": { + "certificatePem": { + "description": "DEPRECATED. `certificate_pem` is deprecated. Use `pem_certificate` instead. Immutable. The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "pemCertificate": { + "description": "Immutable. The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.", + "type": "string" + }, + "pemPrivateKey": { + "description": "Immutable. The private key of the leaf certificate in PEM-encoded form.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "privateKeyPem": { + "description": "DEPRECATED. `private_key_pem` is deprecated. Use `pem_private_key` instead. Immutable. The private key of the leaf certificate in PEM-encoded form.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1alpha1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1alpha1.json new file mode 100644 index 00000000..218e163f --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1alpha1.json @@ -0,0 +1,173 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "gclbTargets": { + "description": "A list of target proxies that use this Certificate Map.", + "items": { + "properties": { + "ipConfigs": { + "description": "An IP configuration where this Certificate Map is serving.", + "items": { + "properties": { + "ipAddress": { + "description": "An external IP address.", + "type": "string" + }, + "ports": { + "description": "A list of ports.", + "items": { + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "targetHttpsProxy": { + "description": "Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*.\nThis field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or\n'targetSslProxy' may be set.", + "type": "string" + }, + "targetSslProxy": { + "description": "Proxy name must be in the format projects/*/locations/*/targetSslProxies/*.\nThis field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or\n'targetSslProxy' may be set.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1beta1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1beta1.json new file mode 100644 index 00000000..218e163f --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemap_v1beta1.json @@ -0,0 +1,173 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "gclbTargets": { + "description": "A list of target proxies that use this Certificate Map.", + "items": { + "properties": { + "ipConfigs": { + "description": "An IP configuration where this Certificate Map is serving.", + "items": { + "properties": { + "ipAddress": { + "description": "An external IP address.", + "type": "string" + }, + "ports": { + "description": "A list of ports.", + "items": { + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "targetHttpsProxy": { + "description": "Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*.\nThis field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or\n'targetSslProxy' may be set.", + "type": "string" + }, + "targetSslProxy": { + "description": "Proxy name must be in the format projects/*/locations/*/targetSslProxies/*.\nThis field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or\n'targetSslProxy' may be set.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1alpha1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1alpha1.json new file mode 100644 index 00000000..272f9d97 --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1alpha1.json @@ -0,0 +1,251 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "certificatesRefs": { + "items": { + "description": "A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificates/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerCertificate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "hostname": { + "description": "Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.", + "type": "string" + }, + "mapRef": { + "description": "A map entry that is inputted into the certificate map.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CertificateManagerCertificateMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "matcher": { + "description": "Immutable. A predefined matcher for particular cases, other than SNI selection.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "certificatesRefs", + "mapRef", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "A serving state of this Certificate Map Entry.", + "type": "string" + }, + "updateTime": { + "description": "Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1beta1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1beta1.json new file mode 100644 index 00000000..272f9d97 --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagercertificatemapentry_v1beta1.json @@ -0,0 +1,251 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "certificatesRefs": { + "items": { + "description": "A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/certificates/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerCertificate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "hostname": { + "description": "Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.", + "type": "string" + }, + "mapRef": { + "description": "A map entry that is inputted into the certificate map.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CertificateManagerCertificateMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "matcher": { + "description": "Immutable. A predefined matcher for particular cases, other than SNI selection.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "certificatesRefs", + "mapRef", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "A serving state of this Certificate Map Entry.", + "type": "string" + }, + "updateTime": { + "description": "Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1alpha1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1alpha1.json new file mode 100644 index 00000000..2063979b --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1alpha1.json @@ -0,0 +1,153 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "domain": { + "description": "Immutable. A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "domain", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsResourceRecord": { + "description": "The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.", + "items": { + "properties": { + "data": { + "description": "Data of the DNS Resource Record.", + "type": "string" + }, + "name": { + "description": "Fully qualified name of the DNS Resource Record.\nE.g. '_acme-challenge.example.com'.", + "type": "string" + }, + "type": { + "description": "Type of the DNS Resource Record.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1beta1.json b/certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1beta1.json new file mode 100644 index 00000000..2063979b --- /dev/null +++ b/certificatemanager.cnrm.cloud.google.com/certificatemanagerdnsauthorization_v1beta1.json @@ -0,0 +1,153 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description of the resource.", + "type": "string" + }, + "domain": { + "description": "Immutable. A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "domain", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsResourceRecord": { + "description": "The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.", + "items": { + "properties": { + "data": { + "description": "Data of the DNS Resource Record.", + "type": "string" + }, + "name": { + "description": "Fully qualified name of the DNS Resource Record.\nE.g. '_acme-challenge.example.com'.", + "type": "string" + }, + "type": { + "description": "Type of the DNS Resource Record.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/cloudbuild.cnrm.cloud.google.com/cloudbuildtrigger_v1beta1.json b/cloudbuild.cnrm.cloud.google.com/cloudbuildtrigger_v1beta1.json new file mode 100644 index 00000000..6be8007b --- /dev/null +++ b/cloudbuild.cnrm.cloud.google.com/cloudbuildtrigger_v1beta1.json @@ -0,0 +1,1691 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "approvalConfig": { + "description": "Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.", + "properties": { + "approvalRequired": { + "description": "Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "bitbucketServerTriggerConfig": { + "description": "BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.", + "properties": { + "bitbucketServerConfigResourceRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe full resource name of the bitbucket server config. Format:\nprojects/{project}/locations/{location}/bitbucketServerConfigs/{id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectKey": { + "description": "Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".", + "type": "string" + }, + "pullRequest": { + "description": "Filter to match changes in pull requests.", + "properties": { + "branch": { + "description": "Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax.", + "type": "string" + }, + "commentControl": { + "description": "Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"].", + "type": "string" + }, + "invertRegex": { + "description": "If true, branches that do NOT match the git_ref will trigger a build.", + "type": "boolean" + } + }, + "required": [ + "branch" + ], + "type": "object", + "additionalProperties": false + }, + "push": { + "description": "Filter to match changes in refs like branches, tags.", + "properties": { + "branch": { + "description": "Regex of branches to match. Specify only one of branch or tag.", + "type": "string" + }, + "invertRegex": { + "description": "When true, only trigger a build if the revision regex does NOT match the gitRef regex.", + "type": "boolean" + }, + "tag": { + "description": "Regex of tags to match. Specify only one of branch or tag.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "repoSlug": { + "description": "Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.", + "type": "string" + } + }, + "required": [ + "bitbucketServerConfigResourceRef", + "projectKey", + "repoSlug" + ], + "type": "object", + "additionalProperties": false + }, + "build": { + "description": "Contents of the build template. Either a filename or build template must be provided.", + "properties": { + "artifacts": { + "description": "Artifacts produced by the build that should be uploaded upon successful completion of all build steps.", + "properties": { + "images": { + "description": "A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.", + "items": { + "type": "string" + }, + "type": "array" + }, + "objects": { + "description": "A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.", + "properties": { + "location": { + "description": "Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.", + "type": "string" + }, + "paths": { + "description": "Path globs used to match files in the build's workspace.", + "items": { + "type": "string" + }, + "type": "array" + }, + "timing": { + "description": "Output only. Stores timing information for pushing all artifact objects.", + "items": { + "properties": { + "endTime": { + "description": "End of time span.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to\nnine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "startTime": { + "description": "Start of time span.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to\nnine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "availableSecrets": { + "description": "Secrets and secret environment variables.", + "properties": { + "secretManager": { + "description": "Pairs a secret environment variable with a SecretVersion in Secret Manager.", + "items": { + "properties": { + "env": { + "description": "Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.", + "type": "string" + }, + "versionRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecretVersion` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "env", + "versionRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "secretManager" + ], + "type": "object", + "additionalProperties": false + }, + "images": { + "description": "A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.", + "items": { + "type": "string" + }, + "type": "array" + }, + "logsBucketRef": { + "description": "Google Cloud Storage bucket where logs should be written. Logs file\nnames will be of the format ${logsBucket}/log-${build_id}.txt.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `url` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "options": { + "description": "Special options for this build.", + "properties": { + "diskSizeGb": { + "description": "Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.", + "type": "integer" + }, + "dynamicSubstitutions": { + "description": "Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.", + "type": "boolean" + }, + "env": { + "description": "A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "logStreamingOption": { + "description": "Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"].", + "type": "string" + }, + "logging": { + "description": "Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"].", + "type": "string" + }, + "machineType": { + "description": "Compute Engine machine type on which to run the build.", + "type": "string" + }, + "requestedVerifyOption": { + "description": "Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"].", + "type": "string" + }, + "secretEnv": { + "description": "A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceProvenanceHash": { + "description": "Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "substitutionOption": { + "description": "Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"].", + "type": "string" + }, + "volumes": { + "description": "Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.", + "items": { + "properties": { + "name": { + "description": "Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.", + "type": "string" + }, + "path": { + "description": "Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "workerPool": { + "description": "Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "queueTtl": { + "description": "TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "secret": { + "description": "Secrets to decrypt using Cloud Key Management Service.", + "items": { + "properties": { + "kmsKeyRef": { + "description": "KMS crypto key to use to decrypt these envs.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretEnv": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.", + "type": "object" + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "source": { + "description": "The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.", + "properties": { + "repoSource": { + "description": "Location of the source in a Google Cloud Source Repository.", + "properties": { + "branchName": { + "description": "Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax.", + "type": "string" + }, + "commitSha": { + "description": "Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.", + "type": "string" + }, + "dir": { + "description": "Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.", + "type": "string" + }, + "invertRegex": { + "description": "Only trigger a build if the revision regex does NOT match the revision regex.", + "type": "boolean" + }, + "projectId": { + "description": "ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.", + "type": "string" + }, + "repoRef": { + "description": "The desired Cloud Source Repository. If omitted, \"default\" is\nassumed.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SourceRepoRepository` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "substitutions": { + "additionalProperties": { + "type": "string" + }, + "description": "Substitutions to use in a triggered build. Should only be used with triggers.run.", + "type": "object" + }, + "tagName": { + "description": "Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax.", + "type": "string" + } + }, + "required": [ + "repoRef" + ], + "type": "object", + "additionalProperties": false + }, + "storageSource": { + "description": "Location of the source in an archive file in Google Cloud Storage.", + "properties": { + "bucketRef": { + "description": "Google Cloud Storage bucket containing the source.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "generation": { + "description": "Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used.", + "type": "string" + }, + "object": { + "description": "Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.", + "type": "string" + } + }, + "required": [ + "bucketRef", + "object" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "step": { + "description": "The operations to be performed on the workspace.", + "items": { + "properties": { + "allowExitCodes": { + "description": "Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.", + "items": { + "type": "integer" + }, + "type": "array" + }, + "allowFailure": { + "description": "Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.", + "type": "boolean" + }, + "args": { + "description": "A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.", + "items": { + "type": "string" + }, + "type": "array" + }, + "dir": { + "description": "Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used.", + "type": "string" + }, + "env": { + "description": "A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.", + "type": "string" + }, + "name": { + "description": "The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.", + "type": "string" + }, + "script": { + "description": "A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.", + "type": "string" + }, + "secretEnv": { + "description": "A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.", + "items": { + "type": "string" + }, + "type": "array" + }, + "timeout": { + "description": "Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.", + "type": "string" + }, + "timing": { + "description": "Output only. Stores timing information for executing this\nbuild step.", + "type": "string" + }, + "volumes": { + "description": "List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.", + "items": { + "properties": { + "name": { + "description": "Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.", + "type": "string" + }, + "path": { + "description": "Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.", + "type": "string" + } + }, + "required": [ + "name", + "path" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "waitFor": { + "description": "The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "substitutions": { + "additionalProperties": { + "type": "string" + }, + "description": "Substitutions data for Build resource.", + "type": "object" + }, + "tags": { + "description": "Tags for annotation of a Build. These are not docker tags.", + "items": { + "type": "string" + }, + "type": "array" + }, + "timeout": { + "description": "Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).", + "type": "string" + } + }, + "required": [ + "step" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Human-readable description of the trigger.", + "type": "string" + }, + "disabled": { + "description": "Whether the trigger is disabled or not. If true, the trigger will never result in a build.", + "type": "boolean" + }, + "filename": { + "description": "Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.", + "type": "string" + }, + "filter": { + "description": "A Common Expression Language string. Used only with Pub/Sub and Webhook.", + "type": "string" + }, + "gitFileSource": { + "description": "The file source describing the local or remote Build template.", + "properties": { + "bitbucketServerConfigRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe full resource name of the bitbucket server config. Format:\nprojects/{project}/locations/{location}/bitbucketServerConfigs/{id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "githubEnterpriseConfigRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe full resource name of the github enterprise config. Format:\nprojects/{project}/locations/{location}/githubEnterpriseConfigs/{id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "path": { + "description": "The path of the file, with the repo root as the root of the path.", + "type": "string" + }, + "repoType": { + "description": "The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"].", + "type": "string" + }, + "repositoryRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildV2Repository` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "revision": { + "description": "The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.", + "type": "string" + }, + "uri": { + "description": "The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.", + "type": "string" + } + }, + "required": [ + "path", + "repoType" + ], + "type": "object", + "additionalProperties": false + }, + "github": { + "description": "Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.", + "properties": { + "enterpriseConfigResourceNameRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe full resource name of the github enterprise config. Format:\nprojects/{project}/locations/{location}/githubEnterpriseConfigs/{id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".", + "type": "string" + }, + "owner": { + "description": "Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".", + "type": "string" + }, + "pullRequest": { + "description": "filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.", + "properties": { + "branch": { + "description": "Regex of branches to match.", + "type": "string" + }, + "commentControl": { + "description": "Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"].", + "type": "string" + }, + "invertRegex": { + "description": "If true, branches that do NOT match the git_ref will trigger a build.", + "type": "boolean" + } + }, + "required": [ + "branch" + ], + "type": "object", + "additionalProperties": false + }, + "push": { + "description": "filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.", + "properties": { + "branch": { + "description": "Regex of branches to match. Specify only one of branch or tag.", + "type": "string" + }, + "invertRegex": { + "description": "When true, only trigger a build if the revision regex does NOT match the git_ref regex.", + "type": "boolean" + }, + "tag": { + "description": "Regex of tags to match. Specify only one of branch or tag.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "ignoredFiles": { + "description": "ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includeBuildLogs": { + "description": "Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"].", + "type": "string" + }, + "includedFiles": { + "description": "ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.", + "items": { + "type": "string" + }, + "type": "array" + }, + "location": { + "description": "Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.", + "type": "string" + }, + "pubsubConfig": { + "description": "PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.", + "properties": { + "serviceAccountRef": { + "description": "Service account that will make the push request.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "state": { + "description": "Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.", + "type": "string" + }, + "subscription": { + "description": "Output only. Name of the subscription.", + "type": "string" + }, + "topicRef": { + "description": "The name of the topic from which this subscription\nis receiving messages.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "repositoryEventConfig": { + "description": "The configuration of a trigger that creates a build whenever an event from Repo API is received.", + "properties": { + "pullRequest": { + "description": "Contains filter properties for matching Pull Requests.", + "properties": { + "branch": { + "description": "Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax.", + "type": "string" + }, + "commentControl": { + "description": "Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"].", + "type": "string" + }, + "invertRegex": { + "description": "If true, branches that do NOT match the git_ref will trigger a build.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "push": { + "description": "Contains filter properties for matching git pushes.", + "properties": { + "branch": { + "description": "Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax.", + "type": "string" + }, + "invertRegex": { + "description": "If true, only trigger a build if the revision regex does NOT match the git_ref regex.", + "type": "boolean" + }, + "tag": { + "description": "Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "repository": { + "description": "The resource name of the Repo API resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nWhen populating via the external field, the following format is supported:\nprojects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL}", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, where {{value}} is the `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceToBuild": { + "description": "The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.", + "properties": { + "bitbucketServerConfigRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe full resource name of the bitbucket server config. Format:\nprojects/{project}/locations/{location}/bitbucketServerConfigs/{id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "githubEnterpriseConfigRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe full resource name of the github enterprise config. Format:\nprojects/{project}/locations/{location}/githubEnterpriseConfigs/{id}.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ref": { + "description": "The branch or tag to use. Must start with \"refs/\" (required).", + "type": "string" + }, + "repoType": { + "description": "The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"].", + "type": "string" + }, + "repositoryRef": { + "description": "Only `external` field is supported to configure the reference.\n\nThe qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudBuildV2Repository` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "uri": { + "description": "The URI of the repo.", + "type": "string" + } + }, + "required": [ + "ref", + "repoType" + ], + "type": "object", + "additionalProperties": false + }, + "substitutions": { + "additionalProperties": { + "type": "string" + }, + "description": "Substitutions data for Build resource.", + "type": "object" + }, + "tags": { + "description": "Tags for annotation of a BuildTrigger.", + "items": { + "type": "string" + }, + "type": "array" + }, + "triggerTemplate": { + "description": "Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.", + "properties": { + "branchName": { + "description": "Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.", + "type": "string" + }, + "commitSha": { + "description": "Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.", + "type": "string" + }, + "dir": { + "description": "Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.", + "type": "string" + }, + "invertRegex": { + "description": "Only trigger a build if the revision regex does NOT match the revision regex.", + "type": "boolean" + }, + "repoRef": { + "description": "The Cloud Source Repository to build. If omitted, the repo with\nname \"default\" is assumed.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SourceRepoRepository` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tagName": { + "description": "Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "webhookConfig": { + "description": "WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.", + "properties": { + "secretRef": { + "description": "The secret required", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecretVersion` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "state": { + "description": "Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.", + "type": "string" + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time when the trigger was created.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "triggerId": { + "description": "The unique identifier for the trigger.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/cloudfunctions.cnrm.cloud.google.com/cloudfunctionsfunction_v1beta1.json b/cloudfunctions.cnrm.cloud.google.com/cloudfunctionsfunction_v1beta1.json new file mode 100644 index 00000000..d717eada --- /dev/null +++ b/cloudfunctions.cnrm.cloud.google.com/cloudfunctionsfunction_v1beta1.json @@ -0,0 +1,413 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "availableMemoryMb": { + "description": "Memory (in MB), available to the function. Default value is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.", + "format": "int64", + "type": "integer" + }, + "description": { + "description": "User-provided description of a function.", + "type": "string" + }, + "entryPoint": { + "description": "Immutable. The name of the function (as defined in source code) that will be\nexecuted. Defaults to the resource name suffix, if not specified. For\nbackward compatibility, if function with given name is not found, then the\nsystem will try to use function named \"function\".\nFor Node.js this is name of a function exported by the module specified\nin `source_location`.", + "type": "string" + }, + "environmentVariables": { + "additionalProperties": { + "type": "string" + }, + "description": "Environment variables that shall be available during function execution.", + "type": "object" + }, + "eventTrigger": { + "description": "Immutable. A source that fires events in response to a condition in another service.", + "properties": { + "eventType": { + "description": "Immutable. Required. The type of event to observe. For example:\n`providers/cloud.storage/eventTypes/object.change` and\n`providers/cloud.pubsub/eventTypes/topic.publish`.\n\nEvent types match pattern `providers/*/eventTypes/*.*`.\nThe pattern contains:\n\n1. namespace: For example, `cloud.storage` and\n `google.firebase.analytics`.\n2. resource type: The type of resource on which event occurs. For\n example, the Google Cloud Storage API includes the type `object`.\n3. action: The action that generates the event. For example, action for\n a Google Cloud Storage Object is 'change'.\nThese parts are lower case.", + "type": "string" + }, + "failurePolicy": { + "description": "Immutable. Specifies policy for failed executions.", + "type": "boolean" + }, + "resourceRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name", + "kind" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "kind" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource(s) from which to observe events, for example,\n`projects/_/buckets/myBucket`.\n\nNot all syntactically correct values are accepted by all services. For\nexample:\n\n1. The authorization model must support it. Google Cloud Functions\n only allows EventTriggers to be deployed that observe resources in the\n same project as the `Function`.\n2. The resource type must match the pattern expected for an\n `event_type`. For example, an `EventTrigger` that has an\n `event_type` of \"google.pubsub.topic.publish\" should have a resource\n that matches Google Cloud Pub/Sub topics.\n\nAdditionally, some services may support short names when creating an\n`EventTrigger`. These will always be returned in the normalized \"long\"\nformat.\n\nSee each *service's* documentation for supported formats.\n\nAllowed values:\n* The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).\n* The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`).", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. Allowed values: StorageBucket,PubSubTopic", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "service": { + "description": "Immutable. The hostname of the service that should be observed.\n\nIf no string is provided, the default service implementing the API will\nbe used. For example, `storage.googleapis.com` is the default for all\nevent types in the `google.storage` namespace.", + "type": "string" + } + }, + "required": [ + "eventType", + "resourceRef" + ], + "type": "object", + "additionalProperties": false + }, + "httpsTrigger": { + "description": "Immutable. An HTTPS endpoint type of source that can be triggered via URL.", + "properties": { + "securityLevel": { + "description": "Immutable. Both HTTP and HTTPS requests with URLs that match the handler succeed without redirects. The application can examine the request to determine which protocol was used and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, SECURE_ALWAYS, SECURE_OPTIONAL", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ingressSettings": { + "description": "The ingress settings for the function, controlling what traffic can reach\nit. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB", + "type": "string" + }, + "maxInstances": { + "description": "The limit on the maximum number of function instances that may coexist at a\ngiven time.", + "format": "int64", + "type": "integer" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project id of the function.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. The name of the Cloud Functions region of the function.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "runtime": { + "description": "The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function. For a complete\nlist of possible choices, see the\n[`gcloud` command\nreference](/sdk/gcloud/reference/functions/deploy#--runtime).\n", + "type": "string" + }, + "serviceAccountRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The email of the function's service account. If empty, defaults to\n`{project_id}@appspot.gserviceaccount.com`.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceArchiveUrl": { + "description": "Immutable. The Google Cloud Storage URL, starting with gs://, pointing to the zip archive which contains the function.", + "type": "string" + }, + "sourceRepository": { + "description": "Immutable. Represents parameters related to source repository where a function is hosted.", + "properties": { + "url": { + "description": "Immutable. The URL pointing to the hosted repository where the function is defined.\nThere are supported Cloud Source Repository URLs in the following\nformats:\n\nTo refer to a specific commit:\n`https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*`\nTo refer to a moveable alias (branch):\n`https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*`\nIn particular, to refer to HEAD use `master` moveable alias.\nTo refer to a specific fixed alias (tag):\n`https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*`\n\nYou may omit `paths/*` if you want to use the main directory.", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.", + "type": "string" + }, + "vpcConnectorEgressSettings": { + "description": "The egress settings for the connector, controlling what traffic is diverted\nthrough it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC", + "type": "string" + }, + "vpcConnectorRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The VPC Network Connector that this cloud function can connect to. It can\nbe either the fully-qualified URI, or the short name of the network\nconnector resource. The format of this field is\n`projects/*/locations/*/connectors/*`\n\nAllowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef", + "region", + "runtime" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "httpsTrigger": { + "properties": { + "url": { + "description": "Output only. The deployed url for the function.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "sourceRepository": { + "properties": { + "deployedUrl": { + "description": "Output only. The URL pointing to the hosted repository where the function\nwere defined at the time of deployment. It always points to a specific\ncommit in the format described above.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "Output only. Status of the function deployment. Possible values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, DELETE_IN_PROGRESS, UNKNOWN", + "type": "string" + }, + "updateTime": { + "description": "Output only. The last update timestamp of a Cloud Function in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.", + "type": "string" + }, + "versionId": { + "description": "Output only. The version identifier of the Cloud Function. Each deployment attempt\nresults in a new version of a function being created.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/cloudidentity.cnrm.cloud.google.com/cloudidentitygroup_v1beta1.json b/cloudidentity.cnrm.cloud.google.com/cloudidentitygroup_v1beta1.json new file mode 100644 index 00000000..137e7015 --- /dev/null +++ b/cloudidentity.cnrm.cloud.google.com/cloudidentitygroup_v1beta1.json @@ -0,0 +1,127 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.", + "type": "string" + }, + "displayName": { + "description": "The display name of the Group.", + "type": "string" + }, + "groupKey": { + "description": "Immutable. EntityKey of the Group.", + "properties": { + "id": { + "description": "Immutable. The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.", + "type": "string" + }, + "namespace": { + "description": "Immutable. The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object", + "additionalProperties": false + }, + "initialGroupConfig": { + "description": "Immutable. The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"].", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.", + "type": "object" + }, + "parent": { + "description": "Immutable. The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "groupKey", + "labels", + "parent" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the Group was created.", + "type": "string" + }, + "name": { + "description": "Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "The time when the Group was last updated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/cloudidentity.cnrm.cloud.google.com/cloudidentitymembership_v1beta1.json b/cloudidentity.cnrm.cloud.google.com/cloudidentitymembership_v1beta1.json new file mode 100644 index 00000000..4c9882ac --- /dev/null +++ b/cloudidentity.cnrm.cloud.google.com/cloudidentitymembership_v1beta1.json @@ -0,0 +1,240 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "groupRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The group for the resource\n\nAllowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "memberKey": { + "description": "Immutable. The `EntityKey` of the member. Either `member_key` or `preferred_member_key` must be set when calling MembershipsService.CreateMembership but not both; both shall be set when returned.", + "properties": { + "id": { + "description": "The ID of the entity. For Google-managed entities, the `id` must be the email address of an existing group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`.", + "type": "string" + }, + "namespace": { + "description": "The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "preferredMemberKey": { + "description": "Immutable. Required. Immutable. The `EntityKey` of the member.", + "properties": { + "id": { + "description": "Immutable. The ID of the entity. For Google-managed entities, the `id` must be the email address of a group or user. For external-identity-mapped entities, the `id` must be a string conforming to the Identity Source's requirements. Must be unique within a `namespace`.", + "type": "string" + }, + "namespace": { + "description": "Immutable. The namespace in which the entity exists. If not specified, the `EntityKey` represents a Google-managed entity such as a Google user or a Google Group. If specified, the `EntityKey` represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of `identitysources/{identity_source_id}`.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "roles": { + "description": "The `MembershipRole`s that apply to the `Membership`. If unspecified, defaults to a single `MembershipRole` with `name` `MEMBER`. Must not contain duplicate `MembershipRole`s with the same `name`.", + "items": { + "properties": { + "expiryDetail": { + "description": "The expiry details of the `MembershipRole`. Expiry details are only supported for `MEMBER` `MembershipRoles`. May be set if `name` is `MEMBER`. Must not be set if `name` is any other value.", + "properties": { + "expireTime": { + "description": "The time at which the `MembershipRole` will expire.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "restrictionEvaluations": { + "description": "Evaluations of restrictions applied to parent group on this membership.", + "properties": { + "memberRestrictionEvaluation": { + "description": "Evaluation of the member restriction applied to this membership. Empty if the user lacks permission to view the restriction evaluation.", + "properties": { + "state": { + "description": "Output only. The current state of the restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "groupRef", + "preferredMemberKey", + "roles" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time when the `Membership` was created.", + "format": "date-time", + "type": "string" + }, + "deliverySetting": { + "description": "Output only. Delivery setting associated with the membership. Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, DAILY, NONE, DISABLED", + "type": "string" + }, + "displayName": { + "description": "Output only. The display name of this member, if available", + "properties": { + "familyName": { + "description": "Output only. Member's family name", + "type": "string" + }, + "fullName": { + "description": "Output only. Localized UTF-16 full name for the member. Localization is done based on the language in the request and the language of the stored display name.", + "type": "string" + }, + "givenName": { + "description": "Output only. Member's given name", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "type": { + "description": "Output only. The type of the membership. Possible values: OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time when the `Membership` was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/cloudscheduler.cnrm.cloud.google.com/cloudschedulerjob_v1beta1.json b/cloudscheduler.cnrm.cloud.google.com/cloudschedulerjob_v1beta1.json new file mode 100644 index 00000000..db36dcbc --- /dev/null +++ b/cloudscheduler.cnrm.cloud.google.com/cloudschedulerjob_v1beta1.json @@ -0,0 +1,454 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "appEngineHttpTarget": { + "description": "App Engine HTTP target.", + "properties": { + "appEngineRouting": { + "description": "App Engine Routing setting for the job.", + "properties": { + "instance": { + "description": "App instance. By default, the job is sent to an instance which is available when the job is attempted. Requests can only be sent to a specific instance if [manual scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). App Engine Flex does not support instances. For more information, see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed).", + "type": "string" + }, + "service": { + "description": "App service. By default, the job is sent to the service which is the default service when the job is attempted.", + "type": "string" + }, + "version": { + "description": "App version. By default, the job is sent to the version which is the default version when the job is attempted.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "body": { + "description": "Body. HTTP request body. A request body is allowed only if the HTTP method is POST or PUT. It will result in invalid argument error to set a body on a job with an incompatible HttpMethod.", + "type": "string" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "HTTP request headers. This map contains the header field names and values. Headers can be set when the job is created. Cloud Scheduler sets some headers to default values: * `User-Agent`: By default, this header is `\"App Engine-Google; (+http://code.google.com/appengine)\"`. This header can be modified, but Cloud Scheduler will append `\"App Engine-Google; (+http://code.google.com/appengine)\"` to the modified `User-Agent`. * `X-CloudScheduler`: This header will be set to true. The headers below are output only. They cannot be set or overridden: * `X-Google-*`: For Google internal use only. * `X-App Engine-*`: For Google internal use only. In addition, some App Engine headers, which contain job-specific information, are also be sent to the job handler.", + "type": "object" + }, + "httpMethod": { + "description": "The HTTP method to use for the request. PATCH and OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS", + "type": "string" + }, + "relativeUri": { + "description": "The relative URI. The relative URL must begin with \"/\" and must be a valid HTTP relative URL. It can contain a path, query string arguments, and `#` fragments. If the relative URL is empty, then the root path \"/\" will be used. No spaces are allowed, and the maximum length allowed is 2083 characters.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "attemptDeadline": { + "description": "The deadline for job attempts. If the request handler does not respond by this deadline then the request is cancelled and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The failed attempt can be viewed in execution logs. Cloud Scheduler will retry the job according to the RetryConfig. The allowed duration for this deadline is: * For HTTP targets, between 15 seconds and 30 minutes. * For App Engine HTTP targets, between 15 seconds and 24 hours.", + "type": "string" + }, + "description": { + "description": "Optionally caller-specified in CreateJob or UpdateJob. A human-readable description for the job. This string must not contain more than 500 characters.", + "type": "string" + }, + "httpTarget": { + "description": "HTTP target.", + "properties": { + "body": { + "description": "HTTP request body. A request body is allowed only if the HTTP method is POST, PUT, or PATCH. It is an error to set body on a job with an incompatible HttpMethod.", + "type": "string" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "The user can specify HTTP request headers to send with the job's HTTP request. This map contains the header field names and values. Repeated headers are not supported, but a header value can contain commas. These headers represent a subset of the headers that will accompany the job's HTTP request. Some HTTP request headers will be ignored or replaced. A partial list of headers that will be ignored or replaced is below: - Host: This will be computed by Cloud Scheduler and derived from uri. * `Content-Length`: This will be computed by Cloud Scheduler. * `User-Agent`: This will be set to `\"Google-Cloud-Scheduler\"`. * `X-Google-*`: Google internal use only. * `X-appengine-*`: Google internal use only. The total size of headers must be less than 80KB.", + "type": "object" + }, + "httpMethod": { + "description": "Which HTTP method to use for the request. Possible values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS", + "type": "string" + }, + "oauthToken": { + "description": "If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) will be generated and attached as an `Authorization` header in the HTTP request. This type of authorization should generally only be used when calling Google APIs hosted on *.googleapis.com.", + "properties": { + "scope": { + "description": "OAuth scope to be used for generating OAuth access token. If not specified, \"https://www.googleapis.com/auth/cloud-platform\" will be used.", + "type": "string" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "[Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oidcToken": { + "description": "If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) token will be generated and attached as an `Authorization` header in the HTTP request. This type of authorization can be used for many scenarios, including calling Cloud Run, or endpoints where you intend to validate the token yourself.", + "properties": { + "audience": { + "description": "Audience to be used when generating OIDC token. If not specified, the URI specified in target will be used.", + "type": "string" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "[Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "uri": { + "description": "Required. The full URI path that the request will be sent to. This string must begin with either \"http://\" or \"https://\". Some examples of valid values for uri are: `http://acme.com` and `https://acme.com/sales:8080`. Cloud Scheduler will encode some characters for safety and compatibility. The maximum allowed URL length is 2083 characters after encoding.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "pubsubTarget": { + "description": "Pub/Sub target.", + "properties": { + "attributes": { + "additionalProperties": { + "type": "string" + }, + "description": "Attributes for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute.", + "type": "object" + }, + "data": { + "description": "The message payload for PubsubMessage. Pubsub message must contain either non-empty data, or at least one attribute.", + "type": "string" + }, + "topicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job.\n\nAllowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "retryConfig": { + "description": "Settings that determine the retry behavior.", + "properties": { + "maxBackoffDuration": { + "description": "The maximum amount of time to wait before retrying a job after it fails. The default value of this field is 1 hour.", + "type": "string" + }, + "maxDoublings": { + "description": "The time between retries will double `max_doublings` times. A job's retry interval starts at min_backoff_duration, then doubles `max_doublings` times, then increases linearly, and finally retries at intervals of max_backoff_duration up to retry_count times. For example, if min_backoff_duration is 10s, max_backoff_duration is 300s, and `max_doublings` is 3, then the a job will first be retried in 10s. The retry interval will double three times, and then increase linearly by 2^3 * 10s. Finally, the job will retry at intervals of max_backoff_duration until the job has been attempted retry_count times. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, 300s, .... The default value of this field is 5.", + "format": "int64", + "type": "integer" + }, + "maxRetryDuration": { + "description": "The time limit for retrying a failed job, measured from time when an execution was first attempted. If specified with retry_count, the job will be retried until both limits are reached. The default value for max_retry_duration is zero, which means retry duration is unlimited.", + "type": "string" + }, + "minBackoffDuration": { + "description": "The minimum amount of time to wait before retrying a job after it fails. The default value of this field is 5 seconds.", + "type": "string" + }, + "retryCount": { + "description": "The number of attempts that the system will make to run a job using the exponential backoff procedure described by max_doublings. The default value of retry_count is zero. If retry_count is zero, a job attempt will *not* be retried if it fails. Instead the Cloud Scheduler system will wait for the next scheduled execution time. If retry_count is set to a non-zero number then Cloud Scheduler will retry failed attempts, using exponential backoff, retry_count times, or until the next scheduled execution time, whichever comes first. Values greater than 5 and negative values are not allowed.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "schedule": { + "description": "Required, except when used with UpdateJob. Describes the schedule on which the job will be executed. The schedule can be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) As a general rule, execution `n + 1` of a job will not begin until execution `n` has finished. Cloud Scheduler will never allow two simultaneously outstanding executions. For example, this implies that if the `n+1`th execution is scheduled to run at 16:00 but the `n`th execution takes until 16:15, the `n+1`th execution will not start until `16:15`. A scheduled start time will be delayed if the previous execution has not ended when its scheduled time occurs. If retry_count > 0 and a job attempt fails, the job will be tried a total of retry_count times, with exponential backoff, until the next scheduled start time.", + "type": "string" + }, + "timeZone": { + "description": "Specifies the time zone to be used in interpreting schedule. The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). Note that some time zones include a provision for daylight savings time. The rules for daylight saving time are determined by the chosen tz. For UTC use the string \"utc\". If a time zone is not specified, the default will be in UTC (also known as GMT).", + "type": "string" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "appEngineHttpTarget": { + "properties": { + "appEngineRouting": { + "properties": { + "host": { + "description": "Output only. The host that the job is sent to. For more information about how App Engine requests are routed, see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). The host is constructed as: * `host = [application_domain_name]` `| [service] + '.' + [application_domain_name]` `| [version] + '.' + [application_domain_name]` `| [version_dot_service]+ '.' + [application_domain_name]` `| [instance] + '.' + [application_domain_name]` `| [instance_dot_service] + '.' + [application_domain_name]` `| [instance_dot_version] + '.' + [application_domain_name]` `| [instance_dot_version_dot_service] + '.' + [application_domain_name]` * `application_domain_name` = The domain name of the app, for example .appspot.com, which is associated with the job's project ID. * `service =` service * `version =` version * `version_dot_service =` version `+ '.' +` service * `instance =` instance * `instance_dot_service =` instance `+ '.' +` service * `instance_dot_version =` instance `+ '.' +` version * `instance_dot_version_dot_service =` instance `+ '.' +` version `+ '.' +` service If service is empty, then the job will be sent to the service which is the default service when the job is attempted. If version is empty, then the job will be sent to the version which is the default version when the job is attempted. If instance is empty, then the job will be sent to an instance which is available when the job is attempted. If service, version, or instance is invalid, then the job will be sent to the default version of the default service when the job is attempted.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "lastAttemptTime": { + "description": "Output only. The time the last job attempt started.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "scheduleTime": { + "description": "Output only. The next time the job is scheduled. Note that this may be a retry of a previously failed attempt or the next execution time according to the schedule.", + "format": "date-time", + "type": "string" + }, + "state": { + "description": "Output only. State of the job. Possible values: STATE_UNSPECIFIED, ENABLED, PAUSED, DISABLED, UPDATE_FAILED", + "type": "string" + }, + "status": { + "description": "Output only. The response from the target for the last attempted execution.", + "properties": { + "code": { + "description": "The status code, which should be an enum value of google.rpc.Code.", + "format": "int64", + "type": "integer" + }, + "details": { + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.", + "items": { + "properties": { + "typeUrl": { + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.", + "type": "string" + }, + "value": { + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "message": { + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "userUpdateTime": { + "description": "Output only. The creation time of the job.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeaddress_v1beta1.json b/compute.cnrm.cloud.google.com/computeaddress_v1beta1.json new file mode 100644 index 00000000..8cc1c4a3 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeaddress_v1beta1.json @@ -0,0 +1,226 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "address": { + "description": "Immutable. The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.", + "type": "string" + }, + "addressType": { + "description": "Immutable. The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"].", + "type": "string" + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "ipVersion": { + "description": "Immutable. The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"].", + "type": "string" + }, + "ipv6EndpointType": { + "description": "Immutable. The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"].", + "type": "string" + }, + "location": { + "description": "Location represents the geographical location of the ComputeAddress. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "networkRef": { + "description": "The network in which to reserve the address. If global, the address\nmust be within the RFC1918 IP space. The network cannot be deleted\nif there are any reserved IP ranges referring to it. This field can\nonly be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkTier": { + "description": "Immutable. The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"].", + "type": "string" + }, + "prefixLength": { + "description": "Immutable. The prefix length if the resource represents an IP range.", + "type": "integer" + }, + "purpose": { + "description": "Immutable. The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\n\nThis should only be set when using an Internal address.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "subnetworkRef": { + "description": "The subnetwork in which to reserve the address. If an IP address is\nspecified, it must be within the subnetwork's IP range. This field\ncan only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER\npurposes.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "users": { + "description": "The URLs of the resources that are using this address.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computebackendbucket_v1beta1.json b/compute.cnrm.cloud.google.com/computebackendbucket_v1beta1.json new file mode 100644 index 00000000..d0702b17 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computebackendbucket_v1beta1.json @@ -0,0 +1,244 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bucketRef": { + "description": "Reference to the bucket.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cdnPolicy": { + "description": "Cloud CDN configuration for this Backend Bucket.", + "properties": { + "bypassCacheOnRequestHeaders": { + "description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.", + "items": { + "properties": { + "headerName": { + "description": "The header field name to match on when bypassing cache. Values are case-insensitive.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "cacheKeyPolicy": { + "description": "The CacheKeyPolicy for this CdnPolicy.", + "properties": { + "includeHttpHeaders": { + "description": "Allows HTTP request headers (by name) to be used in the\ncache key.", + "items": { + "type": "string" + }, + "type": "array" + }, + "queryStringWhitelist": { + "description": "Names of query string parameters to include in cache keys.\nDefault parameters are always included. '&' and '=' will\nbe percent encoded and not treated as delimiters.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "cacheMode": { + "description": "Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"].", + "type": "string" + }, + "clientTtl": { + "description": "Specifies the maximum allowed TTL for cached content served by this origin.", + "type": "integer" + }, + "defaultTtl": { + "description": "Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).", + "type": "integer" + }, + "maxTtl": { + "description": "Specifies the maximum allowed TTL for cached content served by this origin.", + "type": "integer" + }, + "negativeCaching": { + "description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.", + "type": "boolean" + }, + "negativeCachingPolicy": { + "description": "Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.", + "items": { + "properties": { + "code": { + "description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.", + "type": "integer" + }, + "ttl": { + "description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestCoalescing": { + "description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.", + "type": "boolean" + }, + "serveWhileStale": { + "description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.", + "type": "integer" + }, + "signedUrlCacheMaxAgeSec": { + "description": "Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "compressionMode": { + "description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"].", + "type": "string" + }, + "customResponseHeaders": { + "description": "Headers that the HTTP/S load balancer should add to proxied responses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "An optional textual description of the resource; provided by the\nclient when the resource is created.", + "type": "string" + }, + "edgeSecurityPolicy": { + "description": "The security policy associated with this backend bucket.", + "type": "string" + }, + "enableCdn": { + "description": "If true, enable Cloud CDN for this BackendBucket.", + "type": "boolean" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "bucketRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computebackendservice_v1beta1.json b/compute.cnrm.cloud.google.com/computebackendservice_v1beta1.json new file mode 100644 index 00000000..a82141f2 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computebackendservice_v1beta1.json @@ -0,0 +1,1203 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "affinityCookieTtlSec": { + "description": "Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.", + "type": "integer" + }, + "backend": { + "description": "The set of backends that serve this BackendService.", + "items": { + "properties": { + "balancingMode": { + "description": "Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"].", + "type": "string" + }, + "capacityScaler": { + "description": "A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].", + "type": "number" + }, + "description": { + "description": "An optional description of this resource.\nProvide this property when you create the resource.", + "type": "string" + }, + "failover": { + "description": "This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.", + "type": "boolean" + }, + "group": { + "description": "Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup\nresource. In case of instance group this defines the list of\ninstances that serve traffic. Member virtual machine instances from\neach instance group must live in the same zone as the instance\ngroup itself. No two backends in a backend service are allowed to\nuse same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and Network Endpoint\nGroup backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.", + "oneOf": [ + { + "required": [ + "instanceGroupRef" + ] + }, + { + "required": [ + "networkEndpointGroupRef" + ] + } + ], + "properties": { + "instanceGroupRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstanceGroup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkEndpointGroupRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetworkEndpointGroup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "maxConnections": { + "description": "The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.", + "type": "integer" + }, + "maxConnectionsPerEndpoint": { + "description": "The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.", + "type": "integer" + }, + "maxConnectionsPerInstance": { + "description": "The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.", + "type": "integer" + }, + "maxRate": { + "description": "The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.", + "type": "integer" + }, + "maxRatePerEndpoint": { + "description": "The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.", + "type": "number" + }, + "maxRatePerInstance": { + "description": "The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.", + "type": "number" + }, + "maxUtilization": { + "description": "Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].", + "type": "number" + } + }, + "required": [ + "group" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "cdnPolicy": { + "description": "Cloud CDN configuration for this BackendService.", + "properties": { + "bypassCacheOnRequestHeaders": { + "description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.", + "items": { + "properties": { + "headerName": { + "description": "The header field name to match on when bypassing cache. Values are case-insensitive.", + "type": "string" + } + }, + "required": [ + "headerName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "cacheKeyPolicy": { + "description": "The CacheKeyPolicy for this CdnPolicy.", + "properties": { + "includeHost": { + "description": "If true requests to different hosts will be cached separately.", + "type": "boolean" + }, + "includeHttpHeaders": { + "description": "Allows HTTP request headers (by name) to be used in the\ncache key.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includeNamedCookies": { + "description": "Names of cookies to include in cache keys.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includeProtocol": { + "description": "If true, http and https requests will be cached separately.", + "type": "boolean" + }, + "includeQueryString": { + "description": "If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.", + "type": "boolean" + }, + "queryStringBlacklist": { + "description": "Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'&' and '=' will be percent encoded and not treated as\ndelimiters.", + "items": { + "type": "string" + }, + "type": "array" + }, + "queryStringWhitelist": { + "description": "Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'&' and '=' will be percent encoded and not treated as\ndelimiters.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "cacheMode": { + "description": "Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"].", + "type": "string" + }, + "clientTtl": { + "description": "Specifies the maximum allowed TTL for cached content served by this origin.", + "type": "integer" + }, + "defaultTtl": { + "description": "Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).", + "type": "integer" + }, + "maxTtl": { + "description": "Specifies the maximum allowed TTL for cached content served by this origin.", + "type": "integer" + }, + "negativeCaching": { + "description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.", + "type": "boolean" + }, + "negativeCachingPolicy": { + "description": "Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.", + "items": { + "properties": { + "code": { + "description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.", + "type": "integer" + }, + "ttl": { + "description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serveWhileStale": { + "description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.", + "type": "integer" + }, + "signedUrlCacheMaxAgeSec": { + "description": "Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "circuitBreakers": { + "description": "Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.", + "properties": { + "connectTimeout": { + "description": "The timeout for new network connections to hosts.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "maxConnections": { + "description": "The maximum number of connections to the backend cluster.\nDefaults to 1024.", + "type": "integer" + }, + "maxPendingRequests": { + "description": "The maximum number of pending requests to the backend cluster.\nDefaults to 1024.", + "type": "integer" + }, + "maxRequests": { + "description": "The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.", + "type": "integer" + }, + "maxRequestsPerConnection": { + "description": "Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.", + "type": "integer" + }, + "maxRetries": { + "description": "The maximum number of parallel retries to the backend cluster.\nDefaults to 3.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "compressionMode": { + "description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"].", + "type": "string" + }, + "connectionDrainingTimeoutSec": { + "description": "Time for which instance will be drained (not accept new\nconnections, but still work to finish started).", + "type": "integer" + }, + "connectionTrackingPolicy": { + "description": "Connection Tracking configuration for this BackendService.\nThis is available only for Layer 4 Internal Load Balancing and\nNetwork Load Balancing.", + "properties": { + "connectionPersistenceOnUnhealthyBackends": { + "description": "Specifies connection persistence when backends are unhealthy.\n\nIf set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on\nunhealthy backends only for connection-oriented protocols (TCP and SCTP)\nand only if the Tracking Mode is PER_CONNECTION (default tracking mode)\nor the Session Affinity is configured for 5-tuple. They do not persist\nfor UDP.\n\nIf set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing\nconnections on the unhealthy backend are never persisted on the unhealthy\nbackend. They are always diverted to newly selected healthy backends\n(unless all backends are unhealthy).\n\nIf set to 'ALWAYS_PERSIST', existing connections always persist on\nunhealthy backends regardless of protocol and session affinity. It is\ngenerally not recommended to use this mode overriding the default. Default value: \"DEFAULT_FOR_PROTOCOL\" Possible values: [\"DEFAULT_FOR_PROTOCOL\", \"NEVER_PERSIST\", \"ALWAYS_PERSIST\"].", + "type": "string" + }, + "enableStrongAffinity": { + "description": "Enable Strong Session Affinity for Network Load Balancing. This option is not available publicly.", + "type": "boolean" + }, + "idleTimeoutSec": { + "description": "Specifies how long to keep a Connection Tracking entry while there is\nno matching traffic (in seconds).\n\nFor L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours.\n\nFor NLB the minimum(default) is 60 seconds and the maximum is 16 hours.", + "type": "integer" + }, + "trackingMode": { + "description": "Specifies the key used for connection tracking. There are two options:\n'PER_CONNECTION': The Connection Tracking is performed as per the\nConnection Key (default Hash Method) for the specific protocol.\n\n'PER_SESSION': The Connection Tracking is performed as per the\nconfigured Session Affinity. It matches the configured Session Affinity. Default value: \"PER_CONNECTION\" Possible values: [\"PER_CONNECTION\", \"PER_SESSION\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "consistentHash": { + "description": "Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.", + "properties": { + "httpCookie": { + "description": "Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.", + "properties": { + "name": { + "description": "Name of the cookie.", + "type": "string" + }, + "path": { + "description": "Path to set for the cookie.", + "type": "string" + }, + "ttl": { + "description": "Lifetime of the cookie.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "httpHeaderName": { + "description": "The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.", + "type": "string" + }, + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "customRequestHeaders": { + "description": "Headers that the HTTP/S load balancer should add to proxied\nrequests.", + "items": { + "type": "string" + }, + "type": "array" + }, + "customResponseHeaders": { + "description": "Headers that the HTTP/S load balancer should add to proxied\nresponses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "An optional description of this resource.", + "type": "string" + }, + "edgeSecurityPolicyRef": { + "description": "The resource URL for the edge security policy associated with this\nbackend service.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "enableCdn": { + "description": "If true, enable Cloud CDN for this BackendService.", + "type": "boolean" + }, + "failoverPolicy": { + "description": "Policy for failovers.", + "properties": { + "disableConnectionDrainOnFailover": { + "description": "On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.", + "type": "boolean" + }, + "dropTrafficIfUnhealthy": { + "description": "This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.", + "type": "boolean" + }, + "failoverRatio": { + "description": "The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "healthChecks": { + "items": { + "description": "The health check resources for health checking this\nComputeBackendService. Currently at most one health check can be\nspecified, and a health check is required.", + "oneOf": [ + { + "required": [ + "healthCheckRef" + ] + }, + { + "required": [ + "httpHealthCheckRef" + ] + } + ], + "properties": { + "healthCheckRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpHealthCheckRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "iap": { + "description": "Settings for enabling Cloud Identity Aware Proxy.", + "oneOf": [ + { + "required": [ + "oauth2ClientId" + ] + }, + { + "required": [ + "oauth2ClientIdRef" + ] + } + ], + "properties": { + "oauth2ClientId": { + "description": "DEPRECATED. Although this field is still available, there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` instead.", + "type": "string" + }, + "oauth2ClientIdRef": { + "description": "OAuth2 Client ID for IAP.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2ClientSecret": { + "description": "OAuth2 Client Secret for IAP.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2ClientSecretSha256": { + "description": "OAuth2 Client Secret SHA-256 for IAP.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "loadBalancingScheme": { + "description": "Immutable. Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"].", + "type": "string" + }, + "localityLbPolicies": { + "description": "A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.", + "items": { + "properties": { + "customPolicy": { + "description": "The configuration for a custom policy implemented by the user and\ndeployed with the client.", + "properties": { + "data": { + "description": "An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.", + "type": "string" + }, + "name": { + "description": "Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "policy": { + "description": "The configuration for a built-in load balancing policy.", + "properties": { + "name": { + "description": "The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"].", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "localityLbPolicy": { + "description": "The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"].", + "type": "string" + }, + "location": { + "description": "Location represents the geographical location of the ComputeBackendService. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "logConfig": { + "description": "This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.", + "properties": { + "enable": { + "description": "Whether to enable logging for the load balancer traffic served by this backend service.", + "type": "boolean" + }, + "sampleRate": { + "description": "This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "description": "The network to which this backend service belongs. This field can\nonly be specified when the load balancing scheme is set to\nINTERNAL.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "outlierDetection": { + "description": "Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the load_balancing_scheme is set\nto INTERNAL_SELF_MANAGED.", + "properties": { + "baseEjectionTime": { + "description": "The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "consecutiveErrors": { + "description": "Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.", + "type": "integer" + }, + "consecutiveGatewayFailure": { + "description": "The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.", + "type": "integer" + }, + "enforcingConsecutiveErrors": { + "description": "The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.", + "type": "integer" + }, + "enforcingConsecutiveGatewayFailure": { + "description": "The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.", + "type": "integer" + }, + "enforcingSuccessRate": { + "description": "The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.", + "type": "integer" + }, + "interval": { + "description": "Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "maxEjectionPercent": { + "description": "Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.", + "type": "integer" + }, + "successRateMinimumHosts": { + "description": "The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.", + "type": "integer" + }, + "successRateRequestVolume": { + "description": "The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.", + "type": "integer" + }, + "successRateStdevFactor": { + "description": "This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "portName": { + "description": "Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.", + "type": "string" + }, + "protocol": { + "description": "The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol \u201cUNSPECIFIED\u201d,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "securityPolicy": { + "description": "The security policy associated with this backend service.", + "type": "string" + }, + "securityPolicyRef": { + "description": "The security policy associated with this backend service.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "securitySettings": { + "description": "The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.", + "properties": { + "clientTLSPolicyRef": { + "description": "ClientTlsPolicy is a resource that specifies how a client should\nauthenticate connections to backends of a service. This resource itself\ndoes not affect configuration unless it is attached to a backend\nservice resource.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "clientTLSPolicyRef", + "subjectAltNames" + ], + "type": "object", + "additionalProperties": false + }, + "sessionAffinity": { + "description": "Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"].", + "type": "string" + }, + "subsetting": { + "description": "Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing and Internal HTTP(S) load balancing.", + "properties": { + "policy": { + "description": "The algorithm used for subsetting. Possible values: [\"CONSISTENT_HASH_SUBSETTING\"].", + "type": "string" + } + }, + "required": [ + "policy" + ], + "type": "object", + "additionalProperties": false + }, + "timeoutSec": { + "description": "How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].", + "type": "integer" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "fingerprint": { + "description": "Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.", + "type": "string" + }, + "generatedId": { + "description": "The unique identifier for the resource. This identifier is defined by the server.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computedisk_v1beta1.json b/compute.cnrm.cloud.google.com/computedisk_v1beta1.json new file mode 100644 index 00000000..8407a95b --- /dev/null +++ b/compute.cnrm.cloud.google.com/computedisk_v1beta1.json @@ -0,0 +1,953 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "asyncPrimaryDisk": { + "description": "Immutable. A nested object resource.", + "properties": { + "diskRef": { + "description": "Immutable. Primary disk for asynchronous disk replication.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "diskRef" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "diskEncryptionKey": { + "description": "Immutable. Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.", + "properties": { + "kmsKeyRef": { + "description": "The encryption key used to encrypt the disk. Your project's Compute\nEngine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')\nmust have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this\nfeature. See\nhttps://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rawKey": { + "description": "Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "rsaEncryptedKey": { + "description": "Immutable. Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "sha256": { + "description": "The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "enableConfidentialCompute": { + "description": "Immutable. Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true.", + "type": "boolean" + }, + "guestOsFeatures": { + "description": "Immutable. A list of features to enable on the guest operating system.\nApplicable only for bootable disks.", + "items": { + "properties": { + "type": { + "description": "Immutable. The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"].", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "imageRef": { + "description": "The image from which to initialize this disk.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "interface": { + "description": "DEPRECATED. `interface` is deprecated. This field is no longer used and can be safely removed from your configurations; disk interfaces are automatically determined on attachment. Immutable. Specifies the disk interface to use for attaching this disk, which is either SCSI or NVME. The default is SCSI.", + "type": "string" + }, + "licenses": { + "description": "Immutable. Any applicable license URI.", + "items": { + "type": "string" + }, + "type": "array" + }, + "location": { + "description": "Location represents the geographical location of the ComputeDisk. Specify a region name or a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "multiWriter": { + "description": "Immutable. Indicates whether or not the disk can be read/write attached to more than one instance.", + "type": "boolean" + }, + "physicalBlockSizeBytes": { + "description": "Immutable. Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.", + "type": "integer" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "provisionedIops": { + "description": "Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it.", + "type": "integer" + }, + "provisionedThroughput": { + "description": "Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it.", + "type": "integer" + }, + "replicaZones": { + "description": "Immutable. URLs of the zones where the disk should be replicated to.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "resourcePolicies": { + "items": { + "description": "Resource policies applied to this disk for automatic snapshot creations.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "size": { + "description": "Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\nUpsizing the disk is mutable, but downsizing the disk\nrequires re-creating the resource.", + "type": "integer" + }, + "snapshotRef": { + "description": "The source snapshot used to create this disk.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSnapshot` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceDiskRef": { + "description": "The source disk used to create this disk.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceImageEncryptionKey": { + "description": "Immutable. The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.", + "properties": { + "kmsKeyRef": { + "description": "The encryption key used to encrypt the disk. Your project's Compute\nEngine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')\nmust have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this\nfeature. See\nhttps://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rawKey": { + "description": "Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.", + "type": "string" + }, + "sha256": { + "description": "The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceSnapshotEncryptionKey": { + "description": "Immutable. The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.", + "properties": { + "kmsKeyRef": { + "description": "The encryption key used to encrypt the disk. Your project's Compute\nEngine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com')\nmust have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this\nfeature. See\nhttps://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rawKey": { + "description": "Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.", + "type": "string" + }, + "sha256": { + "description": "The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.", + "type": "string" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "lastAttachTimestamp": { + "description": "Last attach timestamp in RFC3339 text format.", + "type": "string" + }, + "lastDetachTimestamp": { + "description": "Last detach timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "sourceDiskId": { + "description": "The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.", + "type": "string" + }, + "sourceImageId": { + "description": "The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.", + "type": "string" + }, + "sourceSnapshotId": { + "description": "The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.", + "type": "string" + }, + "users": { + "description": "Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeexternalvpngateway_v1beta1.json b/compute.cnrm.cloud.google.com/computeexternalvpngateway_v1beta1.json new file mode 100644 index 00000000..52749590 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeexternalvpngateway_v1beta1.json @@ -0,0 +1,99 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "interface": { + "description": "Immutable. A list of interfaces on this external VPN gateway.", + "items": { + "properties": { + "id": { + "description": "Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'.", + "type": "integer" + }, + "ipAddress": { + "description": "Immutable. IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "redundancyType": { + "description": "Immutable. Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computefirewall_v1beta1.json b/compute.cnrm.cloud.google.com/computefirewall_v1beta1.json new file mode 100644 index 00000000..0efc8730 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computefirewall_v1beta1.json @@ -0,0 +1,345 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "allow": { + "description": "The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.", + "items": { + "properties": { + "ports": { + "description": "An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "protocol": { + "description": "The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.", + "type": "string" + } + }, + "required": [ + "protocol" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "deny": { + "description": "The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.", + "items": { + "properties": { + "ports": { + "description": "An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "protocol": { + "description": "The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.", + "type": "string" + } + }, + "required": [ + "protocol" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "description": { + "description": "An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "destinationRanges": { + "description": "If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "direction": { + "description": "Immutable. Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"].", + "type": "string" + }, + "disabled": { + "description": "Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.", + "type": "boolean" + }, + "enableLogging": { + "description": "DEPRECATED. Deprecated in favor of log_config. This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.", + "type": "boolean" + }, + "logConfig": { + "description": "This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.", + "properties": { + "metadata": { + "description": "This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"].", + "type": "string" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "description": "The network to attach this firewall to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "priority": { + "description": "Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.", + "type": "integer" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "sourceRanges": { + "description": "If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceServiceAccounts": { + "items": { + "description": "If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sourceTags": { + "description": "If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "targetServiceAccounts": { + "items": { + "description": "A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "targetTags": { + "description": "A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "networkRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computefirewallpolicy_v1beta1.json b/compute.cnrm.cloud.google.com/computefirewallpolicy_v1beta1.json new file mode 100644 index 00000000..b8432248 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computefirewallpolicy_v1beta1.json @@ -0,0 +1,217 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + } + ], + "properties": { + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "folderRef": { + "description": "Immutable. The Folder that this resource belongs to. Only one of [folderRef, organizationRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [folderRef, organizationRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "shortName": { + "description": "Immutable. User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.", + "type": "string" + } + }, + "required": [ + "shortName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "fingerprint": { + "description": "Fingerprint of the resource. This field is used internally during updates of this resource.", + "type": "string" + }, + "id": { + "description": "The unique identifier for the resource. This identifier is defined by the server.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "ruleTupleCount": { + "description": "Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.", + "format": "int64", + "type": "integer" + }, + "selfLink": { + "description": "Server-defined URL for the resource.", + "type": "string" + }, + "selfLinkWithId": { + "description": "Server-defined URL for this resource with the resource id.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computefirewallpolicyassociation_v1beta1.json b/compute.cnrm.cloud.google.com/computefirewallpolicyassociation_v1beta1.json new file mode 100644 index 00000000..54f49e03 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computefirewallpolicyassociation_v1beta1.json @@ -0,0 +1,187 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "attachmentTargetRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name", + "kind" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "kind" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The target that the firewall policy is attached to.\n\nAllowed values:\n* The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).\n* The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. Allowed values: Folder", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "firewallPolicyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The firewall policy ID of the association.\n\nAllowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "attachmentTargetRef", + "firewallPolicyRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "shortName": { + "description": "The short name of the firewall policy of the association.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computefirewallpolicyrule_v1beta1.json b/compute.cnrm.cloud.google.com/computefirewallpolicyrule_v1beta1.json new file mode 100644 index 00000000..9b537646 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computefirewallpolicyrule_v1beta1.json @@ -0,0 +1,364 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "action": { + "description": "The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".", + "type": "string" + }, + "description": { + "description": "An optional description for this resource.", + "type": "string" + }, + "direction": { + "description": "The direction in which this rule applies. Possible values: INGRESS, EGRESS", + "type": "string" + }, + "disabled": { + "description": "Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.", + "type": "boolean" + }, + "enableLogging": { + "description": "Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.", + "type": "boolean" + }, + "firewallPolicyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The firewall policy of the resource.\n\nAllowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "match": { + "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.", + "properties": { + "destAddressGroups": { + "description": "Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.", + "items": { + "type": "string" + }, + "type": "array" + }, + "destFqdns": { + "description": "Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.", + "items": { + "type": "string" + }, + "type": "array" + }, + "destIPRanges": { + "description": "CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.", + "items": { + "type": "string" + }, + "type": "array" + }, + "destRegionCodes": { + "description": "The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.", + "items": { + "type": "string" + }, + "type": "array" + }, + "destThreatIntelligences": { + "description": "Name of the Google Cloud Threat Intelligence list.", + "items": { + "type": "string" + }, + "type": "array" + }, + "layer4Configs": { + "description": "Pairs of IP protocols and ports that the rule should match.", + "items": { + "properties": { + "ipProtocol": { + "description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.", + "type": "string" + }, + "ports": { + "description": "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "ipProtocol" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "srcAddressGroups": { + "description": "Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.", + "items": { + "type": "string" + }, + "type": "array" + }, + "srcFqdns": { + "description": "Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.", + "items": { + "type": "string" + }, + "type": "array" + }, + "srcIPRanges": { + "description": "CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.", + "items": { + "type": "string" + }, + "type": "array" + }, + "srcRegionCodes": { + "description": "The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.", + "items": { + "type": "string" + }, + "type": "array" + }, + "srcThreatIntelligences": { + "description": "Name of the Google Cloud Threat Intelligence list.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "layer4Configs" + ], + "type": "object", + "additionalProperties": false + }, + "priority": { + "description": "Immutable. An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.", + "format": "int64", + "type": "integer" + }, + "targetResources": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "targetServiceAccounts": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "action", + "direction", + "firewallPolicyRef", + "match", + "priority" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "kind": { + "description": "Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "ruleTupleCount": { + "description": "Calculation of the complexity of a single firewall policy rule.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeforwardingrule_v1beta1.json b/compute.cnrm.cloud.google.com/computeforwardingrule_v1beta1.json new file mode 100644 index 00000000..e2c99052 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeforwardingrule_v1beta1.json @@ -0,0 +1,777 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "allPorts": { + "description": "Immutable. This field can only be used:\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By internal TCP/UDP load balancers, backend service-based network load\nbalancers, and internal and external protocol forwarding.\n\nThis option should be set to TRUE when the Forwarding Rule\nIPProtocol is set to L3_DEFAULT.\n\nSet this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule.\n\nThe 'ports', 'port_range', and\n'allPorts' fields are mutually exclusive.", + "type": "boolean" + }, + "allowGlobalAccess": { + "description": "This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.", + "type": "boolean" + }, + "allowPscGlobalAccess": { + "description": "This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.", + "type": "boolean" + }, + "backendServiceRef": { + "description": "A ComputeBackendService to receive the matched traffic. This is\nused only for internal load balancing.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "ipAddress": { + "description": "The IP address that this forwarding rule is serving on behalf of.\n\nAddresses are restricted based on the forwarding rule's load\nbalancing scheme (EXTERNAL or INTERNAL) and scope (global or\nregional).\n\nWhen the load balancing scheme is EXTERNAL, for global forwarding\nrules, the address must be a global IP, and for regional forwarding\nrules, the address must live in the same region as the forwarding\nrule. If this field is empty, an ephemeral IPv4 address from the\nsame scope (global or regional) will be assigned. A regional\nforwarding rule supports IPv4 only. A global forwarding rule\nsupports either IPv4 or IPv6.\n\nWhen the load balancing scheme is INTERNAL, this can only be an RFC\n1918 IP address belonging to the network/subnet configured for the\nforwarding rule. By default, if this field is empty, an ephemeral\ninternal IP address will be automatically allocated from the IP\nrange of the subnet or network configured for this forwarding rule.", + "oneOf": [ + { + "required": [ + "addressRef" + ] + }, + { + "required": [ + "ip" + ] + } + ], + "properties": { + "addressRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ip": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ipProtocol": { + "description": "Immutable. The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"].", + "type": "string" + }, + "ipVersion": { + "description": "Immutable. The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"].", + "type": "string" + }, + "isMirroringCollector": { + "description": "Immutable. Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.", + "type": "boolean" + }, + "loadBalancingScheme": { + "description": "Immutable. Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"].", + "type": "string" + }, + "location": { + "description": "Location represents the geographical location of the ComputeForwardingRule. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "metadataFilters": { + "description": "Immutable. Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.", + "items": { + "properties": { + "filterLabels": { + "description": "Immutable. The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.", + "items": { + "properties": { + "name": { + "description": "Immutable. Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.", + "type": "string" + }, + "value": { + "description": "Immutable. The value that the label must match. The value has a maximum\nlength of 1024 characters.", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "filterMatchCriteria": { + "description": "Immutable. Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"].", + "type": "string" + } + }, + "required": [ + "filterLabels", + "filterMatchCriteria" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "networkRef": { + "description": "This field is not used for external load balancing. For internal\nload balancing, this field identifies the network that the load\nbalanced IP should belong to for this forwarding rule. If this\nfield is not specified, the default network will be used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkTier": { + "description": "Immutable. This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"].", + "type": "string" + }, + "noAutomateDnsZone": { + "description": "Immutable. This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.", + "type": "boolean" + }, + "portRange": { + "description": "Immutable. This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By backend service-based network load balancers, target pool-based\nnetwork load balancers, internal proxy load balancers, external proxy load\nbalancers, Traffic Director, external protocol forwarding, and Classic VPN.\nSome products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\n\nOnly packets addressed to ports in the specified range will be forwarded to\nthe backends configured with this forwarding rule.\n\nThe 'ports' and 'port_range' fields are mutually exclusive.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have\noverlapping 'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]'\npair, and cannot have overlapping 'portRange's.", + "type": "string" + }, + "ports": { + "description": "Immutable. This field can only be used:\n\n* If 'IPProtocol' is one of TCP, UDP, or SCTP.\n* By internal TCP/UDP load balancers, backend service-based network load\nbalancers, internal protocol forwarding and when protocol is not L3_DEFAULT.\n\n\nYou can specify a list of up to five ports by number, separated by commas.\nThe ports can be contiguous or discontiguous. Only packets addressed to\nthese ports will be forwarded to the backends configured with this\nforwarding rule.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot share any values\ndefined in 'ports'.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]'\npair, and cannot share any values defined in 'ports'.\n\nThe 'ports' and 'port_range' fields are mutually exclusive.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serviceDirectoryRegistrations": { + "description": "Immutable. Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.", + "items": { + "properties": { + "namespace": { + "description": "Immutable. Service Directory namespace to register the forwarding rule under.", + "type": "string" + }, + "service": { + "description": "Immutable. Service Directory service to register the forwarding rule under.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serviceLabel": { + "description": "Immutable. An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.", + "type": "string" + }, + "sourceIpRanges": { + "description": "Immutable. If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).", + "items": { + "type": "string" + }, + "type": "array" + }, + "subnetworkRef": { + "description": "Immutable. The subnetwork that the load balanced IP should belong to for this\nforwarding rule. This field is only used for internal load\nbalancing.\n\nIf the network specified is in auto subnet mode, this field is\noptional. However, if the network is in custom subnet mode, a\nsubnetwork must be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "target": { + "description": "The target resource to receive the matched traffic. The forwarded\ntraffic must be of a type appropriate to the target object. For\nINTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets\nare valid.", + "oneOf": [ + { + "required": [ + "targetGRPCProxyRef" + ] + }, + { + "required": [ + "targetHTTPProxyRef" + ] + }, + { + "required": [ + "targetHTTPSProxyRef" + ] + }, + { + "required": [ + "targetSSLProxyRef" + ] + }, + { + "required": [ + "targetTCPProxyRef" + ] + }, + { + "required": [ + "targetVPNGatewayRef" + ] + } + ], + "properties": { + "targetGRPCProxyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "targetHTTPProxyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "targetHTTPSProxyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "targetSSLProxyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "targetTCPProxyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "targetVPNGatewayRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "baseForwardingRule": { + "description": "[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "pscConnectionId": { + "description": "The PSC connection id of the PSC Forwarding Rule.", + "type": "string" + }, + "pscConnectionStatus": { + "description": "The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'.", + "type": "string" + }, + "selfLink": { + "type": "string" + }, + "serviceName": { + "description": "The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computehealthcheck_v1beta1.json b/compute.cnrm.cloud.google.com/computehealthcheck_v1beta1.json new file mode 100644 index 00000000..51ea0f98 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computehealthcheck_v1beta1.json @@ -0,0 +1,308 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "checkIntervalSec": { + "description": "How often (in seconds) to send a health check. The default value is 5\nseconds.", + "type": "integer" + }, + "description": { + "description": "An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "grpcHealthCheck": { + "description": "A nested object resource.", + "properties": { + "grpcServiceName": { + "description": "The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.", + "type": "string" + }, + "port": { + "description": "The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.", + "type": "string" + }, + "portSpecification": { + "description": "Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "healthyThreshold": { + "description": "A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.", + "type": "integer" + }, + "http2HealthCheck": { + "description": "A nested object resource.", + "properties": { + "host": { + "description": "The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTP2 health check request.\nThe default value is 443.", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.", + "type": "string" + }, + "portSpecification": { + "description": "Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"].", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "requestPath": { + "description": "The request path of the HTTP2 health check request.\nThe default value is /.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpHealthCheck": { + "description": "A nested object resource.", + "properties": { + "host": { + "description": "The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTP health check request.\nThe default value is 80.", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.", + "type": "string" + }, + "portSpecification": { + "description": "Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"].", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "requestPath": { + "description": "The request path of the HTTP health check request.\nThe default value is /.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpsHealthCheck": { + "description": "A nested object resource.", + "properties": { + "host": { + "description": "The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTPS health check request.\nThe default value is 443.", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.", + "type": "string" + }, + "portSpecification": { + "description": "Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"].", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "requestPath": { + "description": "The request path of the HTTPS health check request.\nThe default value is /.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Location represents the geographical location of the ComputeHealthCheck. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "logConfig": { + "description": "Configure logging on this health check.", + "properties": { + "enable": { + "description": "Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "sslHealthCheck": { + "description": "A nested object resource.", + "properties": { + "port": { + "description": "The TCP port number for the SSL health check request.\nThe default value is 443.", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.", + "type": "string" + }, + "portSpecification": { + "description": "Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"].", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "request": { + "description": "The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tcpHealthCheck": { + "description": "A nested object resource.", + "properties": { + "port": { + "description": "The TCP port number for the TCP health check request.\nThe default value is 443.", + "type": "integer" + }, + "portName": { + "description": "Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.", + "type": "string" + }, + "portSpecification": { + "description": "Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"].", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "request": { + "description": "The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.", + "type": "string" + }, + "response": { + "description": "The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeoutSec": { + "description": "How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.", + "type": "integer" + }, + "unhealthyThreshold": { + "description": "A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.", + "type": "integer" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "type": { + "description": "The type of the health check. One of HTTP, HTTPS, TCP, or SSL.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computehttphealthcheck_v1beta1.json b/compute.cnrm.cloud.google.com/computehttphealthcheck_v1beta1.json new file mode 100644 index 00000000..a4338cdf --- /dev/null +++ b/compute.cnrm.cloud.google.com/computehttphealthcheck_v1beta1.json @@ -0,0 +1,105 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "checkIntervalSec": { + "description": "How often (in seconds) to send a health check. The default value is 5\nseconds.", + "type": "integer" + }, + "description": { + "description": "An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "healthyThreshold": { + "description": "A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.", + "type": "integer" + }, + "host": { + "description": "The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTP health check request.\nThe default value is 80.", + "type": "integer" + }, + "requestPath": { + "description": "The request path of the HTTP health check request.\nThe default value is /.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "timeoutSec": { + "description": "How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.", + "type": "integer" + }, + "unhealthyThreshold": { + "description": "A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computehttpshealthcheck_v1beta1.json b/compute.cnrm.cloud.google.com/computehttpshealthcheck_v1beta1.json new file mode 100644 index 00000000..a3c2d61b --- /dev/null +++ b/compute.cnrm.cloud.google.com/computehttpshealthcheck_v1beta1.json @@ -0,0 +1,105 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "checkIntervalSec": { + "description": "How often (in seconds) to send a health check. The default value is 5\nseconds.", + "type": "integer" + }, + "description": { + "description": "An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "healthyThreshold": { + "description": "A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.", + "type": "integer" + }, + "host": { + "description": "The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.", + "type": "string" + }, + "port": { + "description": "The TCP port number for the HTTPS health check request.\nThe default value is 443.", + "type": "integer" + }, + "requestPath": { + "description": "The request path of the HTTPS health check request.\nThe default value is /.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "timeoutSec": { + "description": "How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.", + "type": "integer" + }, + "unhealthyThreshold": { + "description": "A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeimage_v1beta1.json b/compute.cnrm.cloud.google.com/computeimage_v1beta1.json new file mode 100644 index 00000000..6bb4f2fe --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeimage_v1beta1.json @@ -0,0 +1,403 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "diskRef": { + "description": "The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "diskSizeGb": { + "description": "Immutable. Size of the image when restored onto a persistent disk (in GB).", + "type": "integer" + }, + "family": { + "description": "Immutable. The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.", + "type": "string" + }, + "guestOsFeatures": { + "description": "Immutable. A list of features to enable on the guest operating system.\nApplicable only for bootable images.", + "items": { + "properties": { + "type": { + "description": "Immutable. The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"].", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "imageEncryptionKey": { + "description": "Immutable. Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image).", + "properties": { + "kmsKeySelfLinkRef": { + "description": "The self link of the encryption key that is stored in Google Cloud\nKMS.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service account\nis used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "licenses": { + "description": "Immutable. Any applicable license URI.", + "items": { + "type": "string" + }, + "type": "array" + }, + "rawDisk": { + "description": "Immutable. The parameters of the raw disk image.", + "properties": { + "containerType": { + "description": "Immutable. The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"].", + "type": "string" + }, + "sha1": { + "description": "Immutable. An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.", + "type": "string" + }, + "source": { + "description": "Immutable. The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.", + "type": "string" + } + }, + "required": [ + "source" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "sourceImageRef": { + "description": "The source image used to create this image.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceSnapshotRef": { + "description": "The source snapshot used to create this image.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSnapshot` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "storageLocations": { + "description": "Immutable. Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "archiveSizeBytes": { + "description": "Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).", + "type": "integer" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeinstance_v1beta1.json b/compute.cnrm.cloud.google.com/computeinstance_v1beta1.json new file mode 100644 index 00000000..b26e8894 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeinstance_v1beta1.json @@ -0,0 +1,1354 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "anyOf": [ + { + "required": [ + "bootDisk", + "machineType", + "networkInterface", + "zone" + ] + }, + { + "required": [ + "instanceTemplateRef", + "zone" + ] + } + ], + "properties": { + "advancedMachineFeatures": { + "description": "Controls for advanced machine-related behavior features.", + "properties": { + "enableNestedVirtualization": { + "description": "Whether to enable nested virtualization or not.", + "type": "boolean" + }, + "threadsPerCore": { + "description": "The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.", + "type": "integer" + }, + "visibleCoreCount": { + "description": "The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "attachedDisk": { + "description": "List of disks attached to the instance.", + "items": { + "properties": { + "deviceName": { + "description": "Name with which the attached disk is accessible under /dev/disk/by-id/.", + "type": "string" + }, + "diskEncryptionKeyRaw": { + "description": "A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "diskEncryptionKeySha256": { + "description": "The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.", + "type": "string" + }, + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mode": { + "description": "Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".", + "type": "string" + }, + "sourceDiskRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "sourceDiskRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "bootDisk": { + "description": "Immutable. The boot disk for the instance.", + "properties": { + "autoDelete": { + "description": "Immutable. Whether the disk will be auto-deleted when the instance is deleted.", + "type": "boolean" + }, + "deviceName": { + "description": "Immutable. Name with which attached disk will be accessible under /dev/disk/by-id/.", + "type": "string" + }, + "diskEncryptionKeyRaw": { + "description": "Immutable. A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "diskEncryptionKeySha256": { + "description": "The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.", + "type": "string" + }, + "initializeParams": { + "description": "Immutable. Parameters with which a disk was created alongside the instance.", + "properties": { + "labels": { + "description": "Immutable. A set of key/value label pairs assigned to the disk.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "resourceManagerTags": { + "description": "Immutable. A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "size": { + "description": "Immutable. The size of the image in gigabytes.", + "type": "integer" + }, + "sourceImageRef": { + "description": "Immutable. The image from which to initialize this disk.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mode": { + "description": "Immutable. Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".", + "type": "string" + }, + "sourceDiskRef": { + "description": "Immutable. The source disk used to create this disk.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "canIpForward": { + "description": "Whether sending and receiving of packets with non-matching source or destination IPs is allowed.", + "type": "boolean" + }, + "confidentialInstanceConfig": { + "description": "Immutable. The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.", + "properties": { + "enableConfidentialCompute": { + "description": "Defines whether the instance should have confidential compute enabled.", + "type": "boolean" + } + }, + "required": [ + "enableConfidentialCompute" + ], + "type": "object", + "additionalProperties": false + }, + "deletionProtection": { + "description": "Whether deletion protection is enabled on this instance.", + "type": "boolean" + }, + "description": { + "description": "Immutable. A brief description of the resource.", + "type": "string" + }, + "desiredStatus": { + "description": "Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".", + "type": "string" + }, + "enableDisplay": { + "description": "Whether the instance has virtual displays enabled.", + "type": "boolean" + }, + "guestAccelerator": { + "description": "Immutable. List of the type and count of accelerator cards attached to the instance.", + "items": { + "properties": { + "count": { + "description": "Immutable. The number of the guest accelerator cards exposed to this instance.", + "type": "integer" + }, + "type": { + "description": "Immutable. The accelerator type resource exposed to this instance. E.g. nvidia-tesla-k80.", + "type": "string" + } + }, + "required": [ + "count", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "hostname": { + "description": "Immutable. A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.", + "type": "string" + }, + "instanceTemplateRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "The machine type to create.", + "type": "string" + }, + "metadata": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "metadataStartupScript": { + "description": "Immutable. Metadata startup scripts made available within the instance.", + "type": "string" + }, + "minCpuPlatform": { + "description": "The minimum CPU platform specified for the VM instance.", + "type": "string" + }, + "networkInterface": { + "description": "Immutable. The networks attached to the instance.", + "items": { + "not": { + "required": [ + "networkIp", + "networkIpRef" + ] + }, + "properties": { + "accessConfig": { + "description": "Access configurations, i.e. IPs via which this instance can be accessed via the Internet.", + "items": { + "properties": { + "natIpRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkTier": { + "description": "The networking tier used for configuring this instance. One of PREMIUM or STANDARD.", + "type": "string" + }, + "publicPtrDomainName": { + "description": "The DNS domain name for the public PTR record.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aliasIpRange": { + "description": "An array of alias IP ranges for this network interface.", + "items": { + "properties": { + "ipCidrRange": { + "description": "The IP CIDR range represented by this alias IP range.", + "type": "string" + }, + "subnetworkRangeName": { + "description": "The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.", + "type": "string" + } + }, + "required": [ + "ipCidrRange" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "internalIpv6PrefixLength": { + "description": "The prefix length of the primary internal IPv6 range.", + "type": "integer" + }, + "ipv6AccessConfig": { + "description": "An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.", + "items": { + "properties": { + "externalIpv6": { + "description": "Immutable. The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.", + "type": "string" + }, + "externalIpv6PrefixLength": { + "description": "Immutable. The prefix length of the external IPv6 range.", + "type": "string" + }, + "name": { + "description": "Immutable. The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.", + "type": "string" + }, + "networkTier": { + "description": "The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6.", + "type": "string" + }, + "publicPtrDomainName": { + "description": "The domain name to be used when creating DNSv6 records for the external IPv6 ranges.", + "type": "string" + } + }, + "required": [ + "networkTier" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ipv6AccessType": { + "description": "One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.", + "type": "string" + }, + "ipv6Address": { + "description": "An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.", + "type": "string" + }, + "name": { + "description": "The name of the interface.", + "type": "string" + }, + "networkIp": { + "description": "DEPRECATED. Although this field is still available, there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` instead.", + "type": "string" + }, + "networkIpRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name", + "kind" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "kind" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. Allowed values: ComputeAddress", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nicType": { + "description": "Immutable. The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET.", + "type": "string" + }, + "queueCount": { + "description": "Immutable. The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.", + "type": "integer" + }, + "stackType": { + "description": "The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.", + "type": "string" + }, + "subnetworkProject": { + "description": "The project in which the subnetwork belongs.", + "type": "string" + }, + "subnetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "networkPerformanceConfig": { + "description": "Immutable. Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.", + "properties": { + "totalEgressBandwidthTier": { + "description": "Immutable. The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT.", + "type": "string" + } + }, + "required": [ + "totalEgressBandwidthTier" + ], + "type": "object", + "additionalProperties": false + }, + "params": { + "description": "Immutable. Stores additional params passed with the request, but not persisted as part of resource payload.", + "properties": { + "resourceManagerTags": { + "description": "Immutable. A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT & PATCH) when empty.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object", + "additionalProperties": false + }, + "reservationAffinity": { + "description": "Immutable. Specifies the reservations that this instance can consume from.", + "properties": { + "specificReservation": { + "description": "Immutable. Specifies the label selector for the reservation to use.", + "properties": { + "key": { + "description": "Immutable. Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.", + "type": "string" + }, + "values": { + "description": "Immutable. Corresponds to the label values of a reservation resource.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "values" + ], + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The type of reservation from which this instance can consume resources.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "resourcePolicies": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "scheduling": { + "description": "The scheduling strategy being used by the instance.", + "properties": { + "automaticRestart": { + "description": "Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).", + "type": "boolean" + }, + "instanceTerminationAction": { + "description": "Specifies the action GCE should take when SPOT VM is preempted.", + "type": "string" + }, + "localSsdRecoveryTimeout": { + "description": "Immutable. Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.", + "properties": { + "nanos": { + "description": "Immutable. Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Immutable. Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "maintenanceInterval": { + "description": "Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.", + "type": "string" + }, + "maxRunDuration": { + "description": "Immutable. The timeout for new network connections to hosts.", + "properties": { + "nanos": { + "description": "Immutable. Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Immutable. Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "minNodeCpus": { + "type": "integer" + }, + "nodeAffinities": { + "items": { + "properties": { + "value": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "onHostMaintenance": { + "description": "Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,.", + "type": "string" + }, + "preemptible": { + "description": "Immutable. Whether the instance is preemptible.", + "type": "boolean" + }, + "provisioningModel": { + "description": "Immutable. Whether the instance is spot. If this is set as SPOT.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "scratchDisk": { + "description": "Immutable. The scratch disks attached to the instance.", + "items": { + "properties": { + "interface": { + "description": "The disk interface used for attaching this disk. One of SCSI or NVME.", + "type": "string" + }, + "size": { + "description": "Immutable. The size of the disk in gigabytes. One of 375 or 3000.", + "type": "integer" + } + }, + "required": [ + "interface" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "serviceAccount": { + "description": "The service account to attach to the instance.", + "properties": { + "scopes": { + "description": "A list of service scopes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "scopes" + ], + "type": "object", + "additionalProperties": false + }, + "shieldedInstanceConfig": { + "description": "The shielded vm config being used by the instance.", + "properties": { + "enableIntegrityMonitoring": { + "description": "Whether integrity monitoring is enabled for the instance.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Whether secure boot is enabled for the instance.", + "type": "boolean" + }, + "enableVtpm": { + "description": "Whether the instance uses vTPM.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "tags": { + "description": "The list of tags attached to the instance.", + "items": { + "type": "string" + }, + "type": "array" + }, + "zone": { + "description": "Immutable. The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "cpuPlatform": { + "description": "The CPU platform used by this instance.", + "type": "string" + }, + "currentStatus": { + "description": "\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).", + "type": "string" + }, + "instanceId": { + "description": "The server-assigned unique identifier of this instance.", + "type": "string" + }, + "labelFingerprint": { + "description": "The unique fingerprint of the labels.", + "type": "string" + }, + "metadataFingerprint": { + "description": "The unique fingerprint of the metadata.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + }, + "tagsFingerprint": { + "description": "The unique fingerprint of the tags.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeinstancegroup_v1beta1.json b/compute.cnrm.cloud.google.com/computeinstancegroup_v1beta1.json new file mode 100644 index 00000000..2521bd05 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeinstancegroup_v1beta1.json @@ -0,0 +1,211 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional textual description of the instance group.", + "type": "string" + }, + "instances": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "namedPort": { + "description": "The named port configuration.", + "items": { + "properties": { + "name": { + "description": "The name which the port will be mapped to.", + "type": "string" + }, + "port": { + "description": "The port number to map the name to.", + "type": "integer" + } + }, + "required": [ + "name", + "port" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "zone": { + "description": "Immutable. The zone that this instance group should be created in.", + "type": "string" + } + }, + "required": [ + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + }, + "size": { + "description": "The number of instances in the group.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeinstancegroupmanager_v1beta1.json b/compute.cnrm.cloud.google.com/computeinstancegroupmanager_v1beta1.json new file mode 100644 index 00000000..927b00b8 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeinstancegroupmanager_v1beta1.json @@ -0,0 +1,769 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "autoHealingPolicies": { + "description": "The autohealing policy for this managed instance group. You can specify only one value.", + "items": { + "properties": { + "healthCheckRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URL for the health check that signals autohealing.\n\nAllowed value: The `selfLink` field of a `ComputeHealthCheck` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialDelaySec": { + "description": "The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. This initial delay allows instances to initialize and run their startup scripts before the instance group determines that they are UNHEALTHY. This prevents the managed instance group from recreating its instances prematurely. This value must be from range [0, 3600].", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "baseInstanceName": { + "description": "The base instance name to use for instances in this group. The value must be 1-58 characters long. Instances are named by appending a hyphen and a random four-character string to the base instance name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt).", + "type": "string" + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "distributionPolicy": { + "description": "Policy specifying the intended distribution of managed instances across zones in a regional managed instance group.", + "properties": { + "targetShape": { + "description": "The distribution shape to which the group converges either proactively or on resize events (depending on the value set in `updatePolicy.instanceRedistributionType`). Possible values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE", + "type": "string" + }, + "zones": { + "description": "Immutable. Zones where the regional managed instance group will create and manage its instances.", + "items": { + "properties": { + "zone": { + "description": "Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). The zone must exist in the region where the managed instance group is located.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "failoverAction": { + "description": "The action to perform in case of zone failure. Only one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. Possible values: UNKNOWN, NO_FAILOVER", + "type": "string" + }, + "instanceTemplateRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`.\n\nAllowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of this resource.", + "type": "string" + }, + "namedPorts": { + "description": "Immutable. Named ports configured for the Instance Groups complementary to this Instance Group Manager.", + "items": { + "properties": { + "name": { + "description": "Immutable. The name for this named port. The name must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt).", + "type": "string" + }, + "port": { + "description": "Immutable. The port number, which can be a value between 1 and 65535.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "statefulPolicy": { + "description": "Stateful configuration for this Instanced Group Manager", + "properties": { + "preservedState": { + "properties": { + "disks": { + "additionalProperties": { + "properties": { + "autoDelete": { + "description": "These stateful disks will never be deleted during autohealing, update or VM instance recreate operations. This flag is used to configure if the disk should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Note: disks attached in READ_ONLY mode cannot be auto-deleted. Possible values: NEVER, ON_PERMANENT_INSTANCE_DELETION", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": "Disks created on the instances that will be preserved on instance delete, update, etc. This map is keyed with the device names of the disks.", + "type": "object" + }, + "externalIps": { + "additionalProperties": { + "properties": { + "autoDelete": { + "description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Possible values: NEVER, ON_PERMANENT_INSTANCE_DELETION", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": "External network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name.", + "type": "object" + }, + "internalIps": { + "additionalProperties": { + "properties": { + "autoDelete": { + "description": "These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Possible values: NEVER, ON_PERMANENT_INSTANCE_DELETION", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": "Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "targetPools": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetPool` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "targetSize": { + "description": "The target number of running instances for this managed instance group. You can reduce this number by using the instanceGroupManager deleteInstances or abandonInstances methods. Resizing the group also changes this number.", + "format": "int64", + "type": "integer" + }, + "updatePolicy": { + "description": "The update policy for this managed instance group.", + "properties": { + "instanceRedistributionType": { + "description": "The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) for regional managed instance groups. Valid values are: - `PROACTIVE` (default): The group attempts to maintain an even distribution of VM instances across zones in the region. - `NONE`: For non-autoscaled groups, proactive redistribution is disabled.", + "type": "string" + }, + "maxSurge": { + "description": "The maximum number of instances that can be created above the specified `targetSize` during the update process. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for `maxSurge` is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either `maxSurge` or `maxUnavailable` must be greater than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge).", + "properties": { + "fixed": { + "description": "Specifies a fixed number of VM instances. This must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "percent": { + "description": "Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify `80` for 80%.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxUnavailable": { + "description": "The maximum number of instances that can be unavailable during the update process. An instance is considered available if all of the following conditions are satisfied: - The instance's [status](/compute/docs/instances/checking-instance-status) is `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) on the instance group, the instance's health check status must be `HEALTHY` at least once. If there is no health check on the group, then the instance only needs to have a status of `RUNNING` to be considered available. This value can be either a fixed number or, if the group has 10 or more instances, a percentage. If you set a percentage, the number of instances is rounded if necessary. The default value for `maxUnavailable` is a fixed value equal to the number of zones in which the managed instance group operates. At least one of either `maxSurge` or `maxUnavailable` must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).", + "properties": { + "fixed": { + "description": "Specifies a fixed number of VM instances. This must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "percent": { + "description": "Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify `80` for 80%.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minReadySec": { + "description": "Minimum number of seconds to wait for after a newly created instance becomes available. This value must be from range [0, 3600].", + "format": "int64", + "type": "integer" + }, + "minimalAction": { + "description": "Minimal action to be taken on an instance. You can specify either `RESTART` to restart existing instances or `REPLACE` to delete and create new instances from the target template. If you specify a `RESTART`, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.", + "type": "string" + }, + "mostDisruptiveAllowedAction": { + "description": "Most disruptive action that is allowed to be taken on an instance. You can specify either `NONE` to forbid any actions, `REFRESH` to allow actions that do not need instance restart, `RESTART` to allow actions that can be applied without instance replacing or `REPLACE` to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.", + "type": "string" + }, + "replacementMethod": { + "description": "What action should be used to replace instances. See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE", + "type": "string" + }, + "type": { + "description": "The type of update process. You can specify either `PROACTIVE` so that the instance group manager proactively executes actions in order to bring instances to their target versions or `OPPORTUNISTIC` so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or `recreateInstances` calls).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "versions": { + "description": "Specifies the instance templates used by this managed instance group to create instances. Each version is defined by an `instanceTemplate` and a `name`. Every version can appear at most once per instance group. This field overrides the top-level `instanceTemplate` field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). Exactly one `version` must leave the `targetSize` field unset. That version will be applied to all remaining instances. For more information, read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update).", + "items": { + "properties": { + "instanceTemplateRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached.\n\nAllowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Name of the version. Unique among all versions in the scope of this managed instance group.", + "type": "string" + }, + "targetSize": { + "description": "Specifies the intended number of instances to be created from the `instanceTemplate`. The final number of instances created from the template will be equal to: - If expressed as a fixed number, the minimum of either `targetSize.fixed` or `instanceGroupManager.targetSize` is used. - if expressed as a `percent`, the `targetSize` would be `(targetSize.percent/100 * InstanceGroupManager.targetSize)` If there is a remainder, the number is rounded. If unset, this version will update any remaining instances not updated by another `version`. Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) for more information.", + "properties": { + "calculated": { + "description": "[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is `fixed`, then the `calculated` value is equal to the `fixed` value. - If the value is a `percent`, then the `calculated` value is `percent`/100 * `targetSize`. For example, the `calculated` value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded.", + "format": "int64", + "type": "integer" + }, + "fixed": { + "description": "Specifies a fixed number of VM instances. This must be a positive integer.", + "format": "int64", + "type": "integer" + }, + "percent": { + "description": "Specifies a percentage of instances between 0 to 100%, inclusive. For example, specify `80` for 80%.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "projectRef", + "targetSize" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "The creation timestamp for this managed instance group in \\[RFC3339\\](https://www.ietf.org/rfc/rfc3339.txt) text format.", + "type": "string" + }, + "currentActions": { + "description": "[Output Only] The list of instance actions and the number of instances in this managed instance group that are scheduled for each of those actions.", + "properties": { + "abandoning": { + "description": "[Output Only] The total number of instances in the managed instance group that are scheduled to be abandoned. Abandoning an instance removes it from the managed instance group without deleting it.", + "format": "int64", + "type": "integer" + }, + "creating": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be created or are currently being created. If the group fails to create any of these instances, it tries again until it creates the instance successfully. If you have disabled creation retries, this field will not be populated; instead, the `creatingWithoutRetries` field will be populated.", + "format": "int64", + "type": "integer" + }, + "creatingWithoutRetries": { + "description": "[Output Only] The number of instances that the managed instance group will attempt to create. The group attempts to create each instance only once. If the group fails to create any of these instances, it decreases the group's `targetSize` value accordingly.", + "format": "int64", + "type": "integer" + }, + "deleting": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be deleted or are currently being deleted.", + "format": "int64", + "type": "integer" + }, + "none": { + "description": "[Output Only] The number of instances in the managed instance group that are running and have no scheduled actions.", + "format": "int64", + "type": "integer" + }, + "recreating": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be recreated or are currently being being recreated. Recreating an instance deletes the existing root persistent disk and creates a new disk from the image that is defined in the instance template.", + "format": "int64", + "type": "integer" + }, + "refreshing": { + "description": "[Output Only] The number of instances in the managed instance group that are being reconfigured with properties that do not require a restart or a recreate action. For example, setting or removing target pools for the instance.", + "format": "int64", + "type": "integer" + }, + "restarting": { + "description": "[Output Only] The number of instances in the managed instance group that are scheduled to be restarted or are currently being restarted.", + "format": "int64", + "type": "integer" + }, + "verifying": { + "description": "[Output Only] The number of instances in the managed instance group that are being verified. See the `managedInstances[].currentAction` property in the `listManagedInstances` method documentation.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "fingerprint": { + "description": "Fingerprint of this resource. This field may be used in optimistic locking. It will be ignored when inserting an InstanceGroupManager. An up-to-date fingerprint must be provided in order to update the InstanceGroupManager, otherwise the request will fail with error `412 conditionNotMet`. To see the latest fingerprint, make a `get()` request to retrieve an InstanceGroupManager.", + "type": "string" + }, + "id": { + "description": "[Output Only] A unique identifier for this resource type. The server generates this identifier.", + "format": "int64", + "type": "integer" + }, + "instanceGroup": { + "description": "[Output Only] The URL of the Instance Group resource.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "region": { + "description": "[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) where the managed instance group resides (for regional resources).", + "type": "string" + }, + "selfLink": { + "description": "[Output Only] The URL for this managed instance group. The server defines this URL.", + "type": "string" + }, + "status": { + "description": "[Output Only] The status of this managed instance group.", + "properties": { + "autoscaler": { + "description": "[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) that targets this instance group manager.", + "type": "string" + }, + "isStable": { + "description": "[Output Only] A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.", + "type": "boolean" + }, + "stateful": { + "description": "[Output Only] Stateful status of the given Instance Group Manager.", + "properties": { + "hasStatefulConfig": { + "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.", + "type": "boolean" + }, + "isStateful": { + "description": "[Output Only] A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. This field is deprecated in favor of has_stateful_config.", + "type": "boolean" + }, + "perInstanceConfigs": { + "description": "[Output Only] Status of per-instance configs on the instance.", + "properties": { + "allEffective": { + "description": "A bit indicating if all of the group's per-instance configs (listed in the output of a listPerInstanceConfigs API call) have status `EFFECTIVE` or there are no per-instance-configs.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "versionTarget": { + "description": "[Output Only] A status of consistency of Instances' versions with their target version specified by `version` field on Instance Group Manager.", + "properties": { + "isReached": { + "description": "[Output Only] A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances' target version are specified by `version` field on Instance Group Manager.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "updatePolicy": { + "properties": { + "maxSurge": { + "properties": { + "calculated": { + "description": "[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is `fixed`, then the `calculated` value is equal to the `fixed` value. - If the value is a `percent`, then the `calculated` value is `percent`/100 * `targetSize`. For example, the `calculated` value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxUnavailable": { + "properties": { + "calculated": { + "description": "[Output Only] Absolute value of VM instances calculated based on the specific mode. - If the value is `fixed`, then the `calculated` value is equal to the `fixed` value. - If the value is a `percent`, then the `calculated` value is `percent`/100 * `targetSize`. For example, the `calculated` value of a 80% of a managed instance group with 150 instances would be (80/100 * 150) = 120 VM instances. If there is a remainder, the number is rounded.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "zone": { + "description": "[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) where the managed instance group is located (for zonal resources).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeinstancetemplate_v1beta1.json b/compute.cnrm.cloud.google.com/computeinstancetemplate_v1beta1.json new file mode 100644 index 00000000..f5e9904f --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeinstancetemplate_v1beta1.json @@ -0,0 +1,1284 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "advancedMachineFeatures": { + "description": "Immutable. Controls for advanced machine-related behavior features.", + "properties": { + "enableNestedVirtualization": { + "description": "Immutable. Whether to enable nested virtualization or not.", + "type": "boolean" + }, + "threadsPerCore": { + "description": "Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.", + "type": "integer" + }, + "visibleCoreCount": { + "description": "Immutable. The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "canIpForward": { + "description": "Immutable. Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.", + "type": "boolean" + }, + "confidentialInstanceConfig": { + "description": "Immutable. The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.", + "properties": { + "enableConfidentialCompute": { + "description": "Immutable. Defines whether the instance should have confidential compute enabled.", + "type": "boolean" + } + }, + "required": [ + "enableConfidentialCompute" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. A brief description of this resource.", + "type": "string" + }, + "disk": { + "description": "Immutable. Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.", + "items": { + "properties": { + "autoDelete": { + "description": "Immutable. Whether or not the disk should be auto-deleted. This defaults to true.", + "type": "boolean" + }, + "boot": { + "description": "Immutable. Indicates that this is a boot disk.", + "type": "boolean" + }, + "deviceName": { + "description": "Immutable. A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.", + "type": "string" + }, + "diskEncryptionKey": { + "description": "Immutable. Encrypts or decrypts a disk using a customer-supplied encryption key.", + "properties": { + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "diskName": { + "description": "Immutable. Name of the disk. When not provided, this defaults to the name of the instance.", + "type": "string" + }, + "diskSizeGb": { + "description": "Immutable. The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.", + "type": "integer" + }, + "diskType": { + "description": "Immutable. The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".", + "type": "string" + }, + "interface": { + "description": "Immutable. Specifies the disk interface to use for attaching this disk.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. A set of key/value label pairs to assign to disks,.", + "type": "object" + }, + "mode": { + "description": "Immutable. The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.", + "type": "string" + }, + "provisionedIops": { + "description": "Immutable. Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).", + "type": "integer" + }, + "resourcePolicies": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sourceDiskRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceImageEncryptionKey": { + "description": "Immutable. The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.", + "properties": { + "kmsKeySelfLinkRef": { + "description": "The self link of the encryption key that is stored in Google Cloud\nKMS.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service account\nis used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeySelfLinkRef" + ], + "type": "object", + "additionalProperties": false + }, + "sourceImageRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceSnapshotEncryptionKey": { + "description": "Immutable. The customer-supplied encryption key of the source snapshot.", + "properties": { + "kmsKeySelfLinkRef": { + "description": "The self link of the encryption key that is stored in Google Cloud\nKMS.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service account\nis used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeySelfLinkRef" + ], + "type": "object", + "additionalProperties": false + }, + "sourceSnapshotRef": { + "description": "The source snapshot to create this disk. When creating a new\ninstance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is required except for\nlocal SSD.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSnapshot` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "enableDisplay": { + "description": "Immutable. Enable Virtual Displays on this instance. Note: allow_stopping_for_update must be set to true in order to update this field.", + "type": "boolean" + }, + "guestAccelerator": { + "description": "Immutable. List of the type and count of accelerator cards attached to the instance.", + "items": { + "properties": { + "count": { + "description": "Immutable. The number of the guest accelerator cards exposed to this instance.", + "type": "integer" + }, + "type": { + "description": "Immutable. The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.", + "type": "string" + } + }, + "required": [ + "count", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "instanceDescription": { + "description": "Immutable. A description of the instance.", + "type": "string" + }, + "machineType": { + "description": "Immutable. The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.", + "type": "string" + }, + "metadata": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "metadataStartupScript": { + "description": "Immutable. An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.", + "type": "string" + }, + "namePrefix": { + "description": "Immutable. Creates a unique name beginning with the specified prefix. Conflicts with name.", + "type": "string" + }, + "networkInterface": { + "description": "Immutable. Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.", + "items": { + "properties": { + "accessConfig": { + "items": { + "properties": { + "natIpRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkTier": { + "description": "Immutable. The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.", + "type": "string" + }, + "publicPtrDomainName": { + "description": "The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aliasIpRange": { + "description": "Immutable. An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.", + "items": { + "properties": { + "ipCidrRange": { + "description": "Immutable. The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.", + "type": "string" + }, + "subnetworkRangeName": { + "description": "Immutable. The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.", + "type": "string" + } + }, + "required": [ + "ipCidrRange" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "internalIpv6PrefixLength": { + "description": "The prefix length of the primary internal IPv6 range.", + "type": "integer" + }, + "ipv6AccessConfig": { + "description": "An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.", + "items": { + "properties": { + "externalIpv6": { + "description": "The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.", + "type": "string" + }, + "externalIpv6PrefixLength": { + "description": "The prefix length of the external IPv6 range.", + "type": "string" + }, + "name": { + "description": "The name of this access configuration.", + "type": "string" + }, + "networkTier": { + "description": "The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6.", + "type": "string" + }, + "publicPtrDomainName": { + "description": "The domain name to be used when creating DNSv6 records for the external IPv6 ranges.", + "type": "string" + } + }, + "required": [ + "networkTier" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ipv6AccessType": { + "description": "One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.", + "type": "string" + }, + "ipv6Address": { + "description": "An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.", + "type": "string" + }, + "name": { + "description": "The name of the network_interface.", + "type": "string" + }, + "networkAttachment": { + "description": "Immutable. The URL of the network attachment that this interface should connect to in the following format: projects/{projectNumber}/regions/{region_name}/networkAttachments/{network_attachment_name}.", + "type": "string" + }, + "networkIp": { + "description": "Immutable. The private IP address to assign to the instance. If empty, the address will be automatically assigned.", + "type": "string" + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nicType": { + "description": "Immutable. The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET.", + "type": "string" + }, + "queueCount": { + "description": "Immutable. The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.", + "type": "integer" + }, + "stackType": { + "description": "The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.", + "type": "string" + }, + "subnetworkProject": { + "description": "Immutable. The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.", + "type": "string" + }, + "subnetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "networkPerformanceConfig": { + "description": "Immutable. Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.", + "properties": { + "totalEgressBandwidthTier": { + "description": "Immutable. The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT.", + "type": "string" + } + }, + "required": [ + "totalEgressBandwidthTier" + ], + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.", + "type": "string" + }, + "reservationAffinity": { + "description": "Immutable. Specifies the reservations that this instance can consume from.", + "properties": { + "specificReservation": { + "description": "Immutable. Specifies the label selector for the reservation to use.", + "properties": { + "key": { + "description": "Immutable. Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.", + "type": "string" + }, + "values": { + "description": "Immutable. Corresponds to the label values of a reservation resource.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "values" + ], + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The type of reservation from which this instance can consume resources.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "resourcePolicies": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "scheduling": { + "description": "Immutable. The scheduling strategy to use.", + "properties": { + "automaticRestart": { + "description": "Immutable. Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.", + "type": "boolean" + }, + "instanceTerminationAction": { + "description": "Immutable. Specifies the action GCE should take when SPOT VM is preempted.", + "type": "string" + }, + "localSsdRecoveryTimeout": { + "description": "Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.", + "items": { + "properties": { + "nanos": { + "description": "Immutable. Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Immutable. Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maintenanceInterval": { + "description": "Specifies the frequency of planned maintenance events. The accepted values are: PERIODIC.", + "type": "string" + }, + "maxRunDuration": { + "description": "Immutable. The timeout for new network connections to hosts.", + "properties": { + "nanos": { + "description": "Immutable. Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Immutable. Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "minNodeCpus": { + "description": "Minimum number of cpus for the instance.", + "type": "integer" + }, + "nodeAffinities": { + "items": { + "properties": { + "value": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "onHostMaintenance": { + "description": "Immutable. Defines the maintenance behavior for this instance.", + "type": "string" + }, + "preemptible": { + "description": "Immutable. Allows instance to be preempted. This defaults to false.", + "type": "boolean" + }, + "provisioningModel": { + "description": "Immutable. Whether the instance is spot. If this is set as SPOT.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccount": { + "description": "Immutable. Service account to attach to the instance.", + "properties": { + "scopes": { + "description": "Immutable. A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "scopes" + ], + "type": "object", + "additionalProperties": false + }, + "shieldedInstanceConfig": { + "description": "Immutable. Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.", + "properties": { + "enableIntegrityMonitoring": { + "description": "Immutable. Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Immutable. Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.", + "type": "boolean" + }, + "enableVtpm": { + "description": "Immutable. Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "tags": { + "description": "Immutable. Tags to attach to the instance.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "disk", + "machineType" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "metadataFingerprint": { + "description": "The unique fingerprint of the metadata.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + }, + "selfLinkUnique": { + "description": "A special URI of the created resource that uniquely identifies this instance template.", + "type": "string" + }, + "tagsFingerprint": { + "description": "The unique fingerprint of the tags.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeinterconnectattachment_v1beta1.json b/compute.cnrm.cloud.google.com/computeinterconnectattachment_v1beta1.json new file mode 100644 index 00000000..e4e46277 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeinterconnectattachment_v1beta1.json @@ -0,0 +1,265 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "adminEnabled": { + "description": "Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment.", + "type": "boolean" + }, + "bandwidth": { + "description": "Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"].", + "type": "string" + }, + "candidateSubnets": { + "description": "Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "An optional description of this resource.", + "type": "string" + }, + "edgeAvailabilityDomain": { + "description": "Immutable. Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.", + "type": "string" + }, + "encryption": { + "description": "Immutable. Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"].", + "type": "string" + }, + "interconnect": { + "description": "Immutable. URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.", + "type": "string" + }, + "ipsecInternalAddresses": { + "items": { + "description": "Immutable. The addresses that have been reserved for the\ninterconnect attachment. Used only for interconnect attachment that\nhas the encryption option as IPSEC.\n\nThe addresses must be RFC 1918 IP address ranges. When creating HA\nVPN gateway over the interconnect attachment, if the attachment is\nconfigured to use an RFC 1918 IP address, then the VPN gateway's IP\naddress will be allocated from the IP address range specified\nhere.\n\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN\ngateway interface 0 will be allocated from the IP address specified\nfor this interconnect attachment.\n\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on\nthis interconnect attachment, the HA VPN gateway's IP address will\nbe allocated from regional external IP address pool.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "mtu": { + "description": "Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.", + "type": "string" + }, + "region": { + "description": "Region where the regional interconnect attachment resides.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "routerRef": { + "description": "The Cloud Router to be used for dynamic routing. This router must\nbe in the same region as this ComputeInterconnectAttachment. The\nComputeInterconnectAttachment will automatically connect the\ninterconnect to the network & region within which the Cloud Router\nis configured.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeRouter` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"].", + "type": "string" + }, + "vlanTag8021q": { + "description": "Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.", + "type": "integer" + } + }, + "required": [ + "region", + "routerRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "cloudRouterIpAddress": { + "description": "IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "customerRouterIpAddress": { + "description": "IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.", + "type": "string" + }, + "googleReferenceId": { + "description": "Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "pairingKey": { + "description": "[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\".", + "type": "string" + }, + "partnerAsn": { + "description": "[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.", + "type": "string" + }, + "privateInterconnectInfo": { + "description": "Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.", + "properties": { + "tag8021q": { + "description": "802.1q encapsulation tag to be used for traffic between\nGoogle and the customer, going to and from this network and region.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "selfLink": { + "type": "string" + }, + "state": { + "description": "[Output Only] The current state of this attachment's functionality.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computenetwork_v1beta1.json b/compute.cnrm.cloud.google.com/computenetwork_v1beta1.json new file mode 100644 index 00000000..28015e9e --- /dev/null +++ b/compute.cnrm.cloud.google.com/computenetwork_v1beta1.json @@ -0,0 +1,105 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "autoCreateSubnetworks": { + "description": "Immutable. When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.", + "type": "boolean" + }, + "deleteDefaultRoutesOnCreate": { + "description": "If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.", + "type": "boolean" + }, + "description": { + "description": "Immutable. An optional description of this resource. The resource must be\nrecreated to modify this field.", + "type": "string" + }, + "enableUlaInternalIpv6": { + "description": "Immutable. Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.", + "type": "boolean" + }, + "internalIpv6Range": { + "description": "Immutable. When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.", + "type": "string" + }, + "mtu": { + "description": "Immutable. Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.", + "type": "integer" + }, + "networkFirewallPolicyEnforcementOrder": { + "description": "Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "routingMode": { + "description": "The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "gatewayIpv4": { + "description": "The gateway address for default routing out of the network. This value\nis selected by GCP.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computenetworkendpointgroup_v1beta1.json b/compute.cnrm.cloud.google.com/computenetworkendpointgroup_v1beta1.json new file mode 100644 index 00000000..ac722d52 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computenetworkendpointgroup_v1beta1.json @@ -0,0 +1,196 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "defaultPort": { + "description": "Immutable. The default port used if the port number is not specified in the\nnetwork endpoint.", + "type": "integer" + }, + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "location": { + "description": "Location represents the geographical location of the ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "networkEndpointType": { + "description": "Immutable. Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\"].", + "type": "string" + }, + "networkRef": { + "description": "The network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "subnetworkRef": { + "description": "Optional subnetwork to which all network endpoints in the NEG belong.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "networkRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "size": { + "description": "Number of network endpoints in the network endpoint group.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computenetworkfirewallpolicy_v1beta1.json b/compute.cnrm.cloud.google.com/computenetworkfirewallpolicy_v1beta1.json new file mode 100644 index 00000000..8fa5321a --- /dev/null +++ b/compute.cnrm.cloud.google.com/computenetworkfirewallpolicy_v1beta1.json @@ -0,0 +1,150 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "fingerprint": { + "description": "Fingerprint of the resource. This field is used internally during updates of this resource.", + "type": "string" + }, + "networkFirewallPolicyId": { + "description": "The unique identifier for the resource. This identifier is defined by the server.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "ruleTupleCount": { + "description": "Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.", + "type": "integer" + }, + "selfLink": { + "description": "Server-defined URL for the resource.", + "type": "string" + }, + "selfLinkWithId": { + "description": "Server-defined URL for this resource with the resource id.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computenetworkpeering_v1beta1.json b/compute.cnrm.cloud.google.com/computenetworkpeering_v1beta1.json new file mode 100644 index 00000000..7d5a0e93 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computenetworkpeering_v1beta1.json @@ -0,0 +1,199 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "exportCustomRoutes": { + "description": "Whether to export the custom routes to the peer network. Defaults to false.", + "type": "boolean" + }, + "exportSubnetRoutesWithPublicIp": { + "description": "Immutable.", + "type": "boolean" + }, + "importCustomRoutes": { + "description": "Whether to export the custom routes from the peer network. Defaults to false.", + "type": "boolean" + }, + "importSubnetRoutesWithPublicIp": { + "description": "Immutable.", + "type": "boolean" + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "peerNetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "stackType": { + "description": "Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"].", + "type": "string" + } + }, + "required": [ + "networkRef", + "peerNetworkRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.", + "type": "string" + }, + "stateDetails": { + "description": "Details about the current state of the peering.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computenodegroup_v1beta1.json b/compute.cnrm.cloud.google.com/computenodegroup_v1beta1.json new file mode 100644 index 00000000..3eaa7d0d --- /dev/null +++ b/compute.cnrm.cloud.google.com/computenodegroup_v1beta1.json @@ -0,0 +1,311 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "autoscalingPolicy": { + "description": "Immutable. If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.", + "properties": { + "maxNodes": { + "description": "Immutable. Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.", + "type": "integer" + }, + "minNodes": { + "description": "Immutable. Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.", + "type": "integer" + }, + "mode": { + "description": "Immutable. The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional textual description of the resource.", + "type": "string" + }, + "initialSize": { + "description": "Immutable. The initial number of nodes in the node group. One of 'initial_size' or 'size' must be specified.", + "type": "integer" + }, + "maintenancePolicy": { + "description": "Immutable. Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.", + "type": "string" + }, + "maintenanceWindow": { + "description": "Immutable. contains properties for the timeframe of maintenance.", + "properties": { + "startTime": { + "description": "Immutable. instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.", + "type": "string" + } + }, + "required": [ + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "nodeTemplateRef": { + "description": "The node template to which this node group belongs.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNodeTemplate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "shareSettings": { + "description": "Immutable. Share settings for the node group.", + "properties": { + "projectMap": { + "description": "Immutable. A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.", + "items": { + "properties": { + "idRef": { + "description": "The key of this project config in the parent map.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectIdRef": { + "description": "The project id/number should be the same as the key of this project\nconfig in the project map.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "idRef", + "projectIdRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "shareType": { + "description": "Immutable. Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"].", + "type": "string" + } + }, + "required": [ + "shareType" + ], + "type": "object", + "additionalProperties": false + }, + "size": { + "description": "Immutable. The total number of nodes in the node group. One of 'initial_size' or 'size' must be specified.", + "type": "integer" + }, + "zone": { + "description": "Immutable. Zone where this node group is located.", + "type": "string" + } + }, + "required": [ + "nodeTemplateRef", + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computenodetemplate_v1beta1.json b/compute.cnrm.cloud.google.com/computenodetemplate_v1beta1.json new file mode 100644 index 00000000..9f61c427 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computenodetemplate_v1beta1.json @@ -0,0 +1,128 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "cpuOvercommitType": { + "description": "Immutable. CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"].", + "type": "string" + }, + "description": { + "description": "Immutable. An optional textual description of the resource.", + "type": "string" + }, + "nodeType": { + "description": "Immutable. Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.", + "type": "string" + }, + "nodeTypeFlexibility": { + "description": "Immutable. Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.", + "properties": { + "cpus": { + "description": "Immutable. Number of virtual CPUs to use.", + "type": "string" + }, + "localSsd": { + "description": "Use local SSD.", + "type": "string" + }, + "memory": { + "description": "Immutable. Physical memory available to the node, defined in MB.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serverBinding": { + "description": "Immutable. The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.", + "properties": { + "type": { + "description": "Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"].", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computepacketmirroring_v1beta1.json b/compute.cnrm.cloud.google.com/computepacketmirroring_v1beta1.json new file mode 100644 index 00000000..8a0f6df2 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computepacketmirroring_v1beta1.json @@ -0,0 +1,461 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "collectorIlb": { + "description": "The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` that will be used as collector for mirrored traffic. The specified forwarding rule must have `isMirroringCollector` set to true.", + "properties": { + "urlRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic.\n\nAllowed value: The `selfLink` field of a `ComputeForwardingRule` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "urlRef" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "enable": { + "description": "Indicates whether or not this packet mirroring takes effect. If set to FALSE, this packet mirroring policy will not be enforced on the network. The default is TRUE.", + "type": "string" + }, + "filter": { + "description": "Filter for mirrored traffic. If unspecified, all traffic is mirrored.", + "properties": { + "cidrRanges": { + "description": "IP CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. Only IPv4 is supported. If no ranges are specified, all traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "direction": { + "description": "Direction of traffic to mirror, either INGRESS, EGRESS, or BOTH. The default is BOTH.", + "type": "string" + }, + "ipProtocols": { + "description": "Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all traffic is mirrored.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "mirroredResources": { + "description": "PacketMirroring mirroredResourceInfos. MirroredResourceInfo specifies a set of mirrored VM instances, subnetworks and/or tags for which traffic from/to all VM instances will be mirrored.", + "properties": { + "instances": { + "description": "A set of virtual machine instances that are being mirrored. They must live in zones contained in the same region as this packetMirroring. Note that this config will apply only to those network interfaces of the Instances that belong to the network specified in this packetMirroring. You may specify a maximum of 50 Instances.", + "items": { + "properties": { + "canonicalUrl": { + "description": "Immutable. Output only. Unique identifier for the instance; defined by the server.", + "type": "string" + }, + "urlRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Resource URL to the virtual machine instance which is being mirrored.\n\nAllowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "subnetworks": { + "description": "Immutable. A set of subnetworks for which traffic from/to all VM instances will be mirrored. They must live in the same region as this packetMirroring. You may specify a maximum of 5 subnetworks.", + "items": { + "properties": { + "canonicalUrl": { + "description": "Immutable. Output only. Unique identifier for the subnetwork; defined by the server.", + "type": "string" + }, + "urlRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored.\n\nAllowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "tags": { + "description": "A set of mirrored tags. Traffic from/to all VM instances that have one or more of these tags will be mirrored.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "network": { + "description": "Immutable. Specifies the mirrored VPC network. Only packets in this network will be mirrored. All mirrored VMs should have a NIC in the given network. All mirrored subnetworks should belong to the given network.", + "properties": { + "urlRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "URL of the network resource.\n\nAllowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "urlRef" + ], + "type": "object", + "additionalProperties": false + }, + "priority": { + "description": "The priority of applying this configuration. Priority is used to break ties in cases where there is more than one matching rule. In the case of two rules that apply for a given Instance, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.", + "format": "int64", + "type": "integer" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "collectorIlb", + "location", + "mirroredResources", + "network", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "collectorIlb": { + "properties": { + "canonicalUrl": { + "description": "Output only. Unique identifier for the forwarding rule; defined by the server.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "id": { + "description": "Output only. The unique identifier for the resource. This identifier is defined by the server.", + "format": "int64", + "type": "integer" + }, + "network": { + "properties": { + "canonicalUrl": { + "description": "Output only. Unique identifier for the network; defined by the server.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "region": { + "description": "URI of the region where the packetMirroring resides.", + "type": "string" + }, + "selfLink": { + "description": "Server-defined URL for the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeprojectmetadata_v1beta1.json b/compute.cnrm.cloud.google.com/computeprojectmetadata_v1beta1.json new file mode 100644 index 00000000..5c2d39a5 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeprojectmetadata_v1beta1.json @@ -0,0 +1,75 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "metadata": { + "additionalProperties": { + "type": "string" + }, + "description": "A series of key value pairs.", + "type": "object" + } + }, + "required": [ + "metadata" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeregionnetworkendpointgroup_v1beta1.json b/compute.cnrm.cloud.google.com/computeregionnetworkendpointgroup_v1beta1.json new file mode 100644 index 00000000..f659eca6 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeregionnetworkendpointgroup_v1beta1.json @@ -0,0 +1,317 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "cloudFunction": { + "description": "Immutable. Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.", + "properties": { + "functionRef": { + "description": "Immutable. A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CloudFunctionsFunction` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "urlMask": { + "description": "Immutable. A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cloudRun": { + "description": "Immutable. Only valid when networkEndpointType is \"SERVERLESS\".\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.", + "properties": { + "serviceRef": { + "description": "Immutable. Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `RunService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tag": { + "description": "Immutable. Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".", + "type": "string" + }, + "urlMask": { + "description": "Immutable. A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "networkEndpointType": { + "description": "Immutable. Type of network endpoints in this network endpoint group. Defaults to SERVERLESS Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"].", + "type": "string" + }, + "networkRef": { + "description": "Immutable. This field is only used for PSC.\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "pscTargetService": { + "description": "Immutable. The target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.", + "type": "string" + }, + "region": { + "description": "Immutable. A reference to the region where the Serverless NEGs Reside.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "subnetworkRef": { + "description": "Immutable. This field is only used for PSC.\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computereservation_v1beta1.json b/compute.cnrm.cloud.google.com/computereservation_v1beta1.json new file mode 100644 index 00000000..dcb4d67d --- /dev/null +++ b/compute.cnrm.cloud.google.com/computereservation_v1beta1.json @@ -0,0 +1,180 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "specificReservation": { + "description": "Reservation for instances with specific machine shapes.", + "properties": { + "count": { + "description": "The number of resources that are allocated.", + "type": "integer" + }, + "inUseCount": { + "description": "How many instances are in use.", + "type": "integer" + }, + "instanceProperties": { + "description": "Immutable. The instance properties for the reservation.", + "properties": { + "guestAccelerators": { + "description": "Immutable. Guest accelerator type and count.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the guest accelerator cards exposed to\nthis instance.", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.", + "type": "string" + } + }, + "required": [ + "acceleratorCount", + "acceleratorType" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "localSsds": { + "description": "Immutable. The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.", + "items": { + "properties": { + "diskSizeGb": { + "description": "Immutable. The size of the disk in base-2 GB.", + "type": "integer" + }, + "interface": { + "description": "Immutable. The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"].", + "type": "string" + } + }, + "required": [ + "diskSizeGb" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "machineType": { + "description": "Immutable. The name of the machine type to reserve.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.", + "type": "string" + } + }, + "required": [ + "machineType" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "count", + "instanceProperties" + ], + "type": "object", + "additionalProperties": false + }, + "specificReservationRequired": { + "description": "Immutable. When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.", + "type": "boolean" + }, + "zone": { + "description": "Immutable. The zone where the reservation is made.", + "type": "string" + } + }, + "required": [ + "specificReservation", + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "commitment": { + "description": "Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "status": { + "description": "The status of the reservation.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeresourcepolicy_v1beta1.json b/compute.cnrm.cloud.google.com/computeresourcepolicy_v1beta1.json new file mode 100644 index 00000000..5a400ae8 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeresourcepolicy_v1beta1.json @@ -0,0 +1,304 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "diskConsistencyGroupPolicy": { + "description": "Immutable. Replication consistency group for asynchronous disk replication.", + "properties": { + "enabled": { + "description": "Immutable. Enable disk consistency on the resource policy.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "groupPlacementPolicy": { + "description": "Immutable. Resource policy for instances used for placement configuration.", + "properties": { + "availabilityDomainCount": { + "description": "Immutable. The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network.", + "type": "integer" + }, + "collocation": { + "description": "Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"].", + "type": "string" + }, + "maxDistance": { + "description": "Immutable. Specifies the number of max logical switches.", + "type": "integer" + }, + "vmCount": { + "description": "Immutable. Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "instanceSchedulePolicy": { + "description": "Immutable. Resource policy for scheduling instance operations.", + "properties": { + "expirationTime": { + "description": "Immutable. The expiration time of the schedule. The timestamp is an RFC3339 string.", + "type": "string" + }, + "startTime": { + "description": "Immutable. The start time of the schedule. The timestamp is an RFC3339 string.", + "type": "string" + }, + "timeZone": { + "description": "Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.", + "type": "string" + }, + "vmStartSchedule": { + "description": "Immutable. Specifies the schedule for starting instances.", + "properties": { + "schedule": { + "description": "Immutable. Specifies the frequency for the operation, using the unix-cron format.", + "type": "string" + } + }, + "required": [ + "schedule" + ], + "type": "object", + "additionalProperties": false + }, + "vmStopSchedule": { + "description": "Immutable. Specifies the schedule for stopping instances.", + "properties": { + "schedule": { + "description": "Immutable. Specifies the frequency for the operation, using the unix-cron format.", + "type": "string" + } + }, + "required": [ + "schedule" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeZone" + ], + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. Region where resource policy resides.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "snapshotSchedulePolicy": { + "description": "Immutable. Policy for creating snapshots of persistent disks.", + "properties": { + "retentionPolicy": { + "description": "Immutable. Retention policy applied to snapshots created by this resource policy.", + "properties": { + "maxRetentionDays": { + "description": "Immutable. Maximum age of the snapshot that is allowed to be kept.", + "type": "integer" + }, + "onSourceDiskDelete": { + "description": "Immutable. Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"].", + "type": "string" + } + }, + "required": [ + "maxRetentionDays" + ], + "type": "object", + "additionalProperties": false + }, + "schedule": { + "description": "Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.", + "properties": { + "dailySchedule": { + "description": "Immutable. The policy will execute every nth day at the specified time.", + "properties": { + "daysInCycle": { + "description": "Immutable. Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.", + "type": "integer" + }, + "startTime": { + "description": "Immutable. This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.", + "type": "string" + } + }, + "required": [ + "daysInCycle", + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "hourlySchedule": { + "description": "Immutable. The policy will execute every nth hour starting at the specified time.", + "properties": { + "hoursInCycle": { + "description": "Immutable. The number of hours between snapshots.", + "type": "integer" + }, + "startTime": { + "description": "Immutable. Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT.\neg: 21:00.", + "type": "string" + } + }, + "required": [ + "hoursInCycle", + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "weeklySchedule": { + "description": "Immutable. Allows specifying a snapshot time for each day of the week.", + "properties": { + "dayOfWeeks": { + "description": "Immutable. May contain up to seven (one for each day of the week) snapshot times.", + "items": { + "properties": { + "day": { + "description": "Immutable. The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"].", + "type": "string" + }, + "startTime": { + "description": "Immutable. Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.", + "type": "string" + } + }, + "required": [ + "day", + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "dayOfWeeks" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "snapshotProperties": { + "description": "Immutable. Properties with which the snapshots are created, such as labels.", + "properties": { + "chainName": { + "description": "Immutable. Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.", + "type": "string" + }, + "guestFlush": { + "description": "Immutable. Whether to perform a 'guest aware' snapshot.", + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. A set of key-value pairs.", + "type": "object" + }, + "storageLocations": { + "description": "Immutable. Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "schedule" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeroute_v1beta1.json b/compute.cnrm.cloud.google.com/computeroute_v1beta1.json new file mode 100644 index 00000000..38a4355e --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeroute_v1beta1.json @@ -0,0 +1,307 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource. Provide this property\nwhen you create the resource.", + "type": "string" + }, + "destRange": { + "description": "Immutable. The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.", + "type": "string" + }, + "networkRef": { + "description": "The network that this route applies to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nextHopGateway": { + "description": "Immutable. URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.", + "type": "string" + }, + "nextHopILBRef": { + "description": "A forwarding rule of type loadBalancingScheme=INTERNAL that should\nhandle matching packets. Note that this can only be used when the\ndestinationRange is a public (non-RFC 1918) IP CIDR range.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nextHopInstanceRef": { + "description": "Instance that should handle matching packets.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nextHopIp": { + "description": "Immutable. Network IP address of an instance that should handle matching packets.", + "type": "string" + }, + "nextHopVPNTunnelRef": { + "description": "The ComputeVPNTunnel that should handle matching packets", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeVPNTunnel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "priority": { + "description": "Immutable. The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.", + "type": "integer" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "tags": { + "description": "Immutable. A list of instance tags to which this route applies.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "destRange", + "networkRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "nextHopNetwork": { + "description": "URL to a Network that should handle matching packets.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computerouter_v1beta1.json b/compute.cnrm.cloud.google.com/computerouter_v1beta1.json new file mode 100644 index 00000000..7f2440bf --- /dev/null +++ b/compute.cnrm.cloud.google.com/computerouter_v1beta1.json @@ -0,0 +1,192 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bgp": { + "description": "BGP information specific to this router.", + "properties": { + "advertiseMode": { + "description": "User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"].", + "type": "string" + }, + "advertisedGroups": { + "description": "User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS.", + "items": { + "type": "string" + }, + "type": "array" + }, + "advertisedIpRanges": { + "description": "User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.", + "items": { + "properties": { + "description": { + "description": "User-specified description for the IP range.", + "type": "string" + }, + "range": { + "description": "The IP range to advertise. The value must be a\nCIDR-formatted string.", + "type": "string" + } + }, + "required": [ + "range" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "asn": { + "description": "Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.", + "type": "integer" + }, + "keepaliveInterval": { + "description": "The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.", + "type": "integer" + } + }, + "required": [ + "asn" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "An optional description of this resource.", + "type": "string" + }, + "encryptedInterconnectRouter": { + "description": "Immutable. Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).", + "type": "boolean" + }, + "networkRef": { + "description": "A reference to the network to which this router belongs.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. Region where the router resides.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "networkRef", + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computerouterinterface_v1beta1.json b/compute.cnrm.cloud.google.com/computerouterinterface_v1beta1.json new file mode 100644 index 00000000..9d25ed58 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computerouterinterface_v1beta1.json @@ -0,0 +1,376 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "interconnectAttachmentRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeInterconnectAttachment` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ipRange": { + "description": "Immutable. The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.", + "type": "string" + }, + "privateIpAddressRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "redundantInterfaceRef": { + "description": "The interface the BGP peer is associated with.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeRouterInterface` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "routerRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeRouter` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "vpnTunnelRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeVPNTunnel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "region", + "routerRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computerouternat_v1beta1.json b/compute.cnrm.cloud.google.com/computerouternat_v1beta1.json new file mode 100644 index 00000000..0c4a410f --- /dev/null +++ b/compute.cnrm.cloud.google.com/computerouternat_v1beta1.json @@ -0,0 +1,515 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "drainNatIps": { + "items": { + "description": "A list of IP resources to be drained. These IPs must be valid\nstatic external IPs that have been assigned to the NAT.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "enableDynamicPortAllocation": { + "description": "Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.", + "type": "boolean" + }, + "enableEndpointIndependentMapping": { + "description": "Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information\nsee the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).", + "type": "boolean" + }, + "icmpIdleTimeoutSec": { + "description": "Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.", + "type": "integer" + }, + "logConfig": { + "description": "Configuration for logging on NAT.", + "properties": { + "enable": { + "description": "Indicates whether or not to export logs.", + "type": "boolean" + }, + "filter": { + "description": "Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"].", + "type": "string" + } + }, + "required": [ + "enable", + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "maxPortsPerVm": { + "description": "Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.", + "type": "integer" + }, + "minPortsPerVm": { + "description": "Minimum number of ports allocated to a VM from this NAT.", + "type": "integer" + }, + "natIpAllocateOption": { + "description": "How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"].", + "type": "string" + }, + "natIps": { + "items": { + "description": "NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "region": { + "description": "Immutable. Region where the router and NAT reside.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "routerRef": { + "description": "The Cloud Router in which this NAT will be configured.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeRouter` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rules": { + "description": "A list of rules associated with this NAT.", + "items": { + "properties": { + "action": { + "description": "The action to be enforced for traffic that matches this rule.", + "properties": { + "sourceNatActiveIpsRefs": { + "items": { + "description": "A list of URLs of the IP resources used for this NAT rule. These IP\naddresses must be valid static external IP addresses assigned to the\nproject. This field is used for public NAT.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sourceNatDrainIpsRefs": { + "items": { + "description": "A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT. These\nIPs should be used for updating/patching a NAT rule only. This field\nis used for public NAT.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "An optional description of this rule.", + "type": "string" + }, + "match": { + "description": "CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\".", + "type": "string" + }, + "ruleNumber": { + "description": "An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.", + "type": "integer" + } + }, + "required": [ + "match", + "ruleNumber" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sourceSubnetworkIpRangesToNat": { + "description": "How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"].", + "type": "string" + }, + "subnetwork": { + "description": "One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'.", + "items": { + "properties": { + "secondaryIpRangeNames": { + "description": "List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sourceIpRangesToNat": { + "description": "List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.", + "items": { + "type": "string" + }, + "type": "array" + }, + "subnetworkRef": { + "description": "The subnetwork to NAT.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "sourceIpRangesToNat", + "subnetworkRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "tcpEstablishedIdleTimeoutSec": { + "description": "Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.", + "type": "integer" + }, + "tcpTimeWaitTimeoutSec": { + "description": "Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.", + "type": "integer" + }, + "tcpTransitoryIdleTimeoutSec": { + "description": "Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.", + "type": "integer" + }, + "udpIdleTimeoutSec": { + "description": "Timeout (in seconds) for UDP connections. Defaults to 30s if not set.", + "type": "integer" + } + }, + "required": [ + "natIpAllocateOption", + "region", + "routerRef", + "sourceSubnetworkIpRangesToNat" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computerouterpeer_v1beta1.json b/compute.cnrm.cloud.google.com/computerouterpeer_v1beta1.json new file mode 100644 index 00000000..fc687a03 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computerouterpeer_v1beta1.json @@ -0,0 +1,329 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "advertiseMode": { + "description": "User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"].", + "type": "string" + }, + "advertisedGroups": { + "description": "User-specified list of prefix groups to advertise in custom\nmode, which currently supports the following option:\n\n* 'ALL_SUBNETS': Advertises all of the router's own VPC subnets.\nThis excludes any routes learned for subnets that use VPC Network\nPeering.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.", + "items": { + "type": "string" + }, + "type": "array" + }, + "advertisedIpRanges": { + "description": "User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.", + "items": { + "properties": { + "description": { + "description": "User-specified description for the IP range.", + "type": "string" + }, + "range": { + "description": "The IP range to advertise. The value must be a\nCIDR-formatted string.", + "type": "string" + } + }, + "required": [ + "range" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "advertisedRoutePriority": { + "description": "The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.", + "type": "integer" + }, + "bfd": { + "description": "BFD configuration for the BGP peering.", + "properties": { + "minReceiveInterval": { + "description": "The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.", + "type": "integer" + }, + "minTransmitInterval": { + "description": "The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.", + "type": "integer" + }, + "multiplier": { + "description": "The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.", + "type": "integer" + }, + "sessionInitializationMode": { + "description": "The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"].", + "type": "string" + } + }, + "required": [ + "sessionInitializationMode" + ], + "type": "object", + "additionalProperties": false + }, + "enable": { + "description": "The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.", + "type": "boolean" + }, + "enableIpv6": { + "description": "Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.", + "type": "boolean" + }, + "ipAddress": { + "description": "IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.", + "properties": { + "external": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ipv6NexthopAddress": { + "description": "IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.", + "type": "string" + }, + "peerAsn": { + "description": "Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.", + "type": "integer" + }, + "peerIpAddress": { + "description": "IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.", + "type": "string" + }, + "peerIpv6NexthopAddress": { + "description": "IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.", + "type": "string" + }, + "region": { + "description": "Immutable. Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "routerApplianceInstanceRef": { + "description": "The URI of the VM instance that is used as third-party router\nappliances such as Next Gen Firewalls, Virtual Routers, or Router\nAppliances. The VM instance must be located in zones contained in\nthe same region as this Cloud Router. The VM instance is the peer\nside of the BGP session.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "routerInterfaceRef": { + "description": "The interface the BGP peer is associated with.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeRouterInterface` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "routerRef": { + "description": "The Cloud Router in which this BGP peer will be configured.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeRouter` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "peerAsn", + "region", + "routerInterfaceRef", + "routerRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "managementType": { + "description": "The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesecuritypolicy_v1beta1.json b/compute.cnrm.cloud.google.com/computesecuritypolicy_v1beta1.json new file mode 100644 index 00000000..601972e3 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesecuritypolicy_v1beta1.json @@ -0,0 +1,569 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "adaptiveProtectionConfig": { + "description": "Adaptive Protection Config of this security policy.", + "properties": { + "autoDeployConfig": { + "description": "Auto Deploy Config of this security policy.", + "properties": { + "confidenceThreshold": { + "description": "Rules are only automatically deployed for alerts on potential attacks with confidence scores greater than this threshold.", + "type": "number" + }, + "expirationSec": { + "description": "Google Cloud Armor stops applying the action in the automatically deployed rule to an identified attacker after this duration. The rule continues to operate against new requests.", + "type": "integer" + }, + "impactedBaselineThreshold": { + "description": "Rules are only automatically deployed when the estimated impact to baseline traffic from the suggested mitigation is below this threshold.", + "type": "number" + }, + "loadThreshold": { + "description": "Identifies new attackers only when the load to the backend service that is under attack exceeds this threshold.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "layer7DdosDefenseConfig": { + "description": "Layer 7 DDoS Defense Config of this security policy.", + "properties": { + "enable": { + "description": "If set to true, enables CAAP for L7 DDoS detection.", + "type": "boolean" + }, + "ruleVisibility": { + "description": "Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "advancedOptionsConfig": { + "description": "Advanced Options Config of this security policy.", + "properties": { + "jsonCustomConfig": { + "description": "Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.", + "properties": { + "contentTypes": { + "description": "A list of custom Content-Type header values to apply the JSON parsing.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "contentTypes" + ], + "type": "object", + "additionalProperties": false + }, + "jsonParsing": { + "description": "JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".", + "type": "string" + }, + "logLevel": { + "description": "Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".", + "type": "string" + }, + "userIpRequestHeaders": { + "description": "An optional list of case-insensitive request header names to use for resolving the callers client IP address.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "An optional description of this security policy. Max size is 2048.", + "type": "string" + }, + "recaptchaOptionsConfig": { + "description": "reCAPTCHA configuration options to be applied for the security policy.", + "properties": { + "redirectSiteKeyRef": { + "description": "A field to supply a reCAPTCHA site key to be used for all the rules\nusing the redirect action with the type of GOOGLE_RECAPTCHA under\nthe security policy. The specified site key needs to be created from\nthe reCAPTCHA API. The user is responsible for the validity of the\nspecified site key. If not specified, a Google-managed site key is\nused.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `RecaptchaEnterpriseKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "redirectSiteKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rule": { + "description": "The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.", + "items": { + "properties": { + "action": { + "description": "Action to take when match matches the request.", + "type": "string" + }, + "description": { + "description": "An optional description of this rule. Max size is 64.", + "type": "string" + }, + "headerAction": { + "description": "Additional actions that are performed on headers.", + "properties": { + "requestHeadersToAdds": { + "description": "The list of request headers to add or overwrite if they're already present.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header to set.", + "type": "string" + }, + "headerValue": { + "description": "The value to set the named header to.", + "type": "string" + } + }, + "required": [ + "headerName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "requestHeadersToAdds" + ], + "type": "object", + "additionalProperties": false + }, + "match": { + "description": "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.", + "properties": { + "config": { + "description": "The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.", + "properties": { + "srcIpRanges": { + "description": "Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "srcIpRanges" + ], + "type": "object", + "additionalProperties": false + }, + "expr": { + "description": "User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.", + "properties": { + "expression": { + "description": "Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.", + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object", + "additionalProperties": false + }, + "versionedExpr": { + "description": "Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "preconfiguredWafConfig": { + "description": "Preconfigured WAF configuration to be applied for the rule. If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.", + "properties": { + "exclusion": { + "description": "An exclusion to apply during preconfigured WAF evaluation.", + "items": { + "properties": { + "requestCookie": { + "description": "Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.", + "items": { + "properties": { + "operator": { + "description": "You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.", + "type": "string" + }, + "value": { + "description": "A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.", + "type": "string" + } + }, + "required": [ + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeader": { + "description": "Request header whose value will be excluded from inspection during preconfigured WAF evaluation.", + "items": { + "properties": { + "operator": { + "description": "You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.", + "type": "string" + }, + "value": { + "description": "A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.", + "type": "string" + } + }, + "required": [ + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestQueryParam": { + "description": "Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.", + "items": { + "properties": { + "operator": { + "description": "You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.", + "type": "string" + }, + "value": { + "description": "A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.", + "type": "string" + } + }, + "required": [ + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestUri": { + "description": "Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.", + "items": { + "properties": { + "operator": { + "description": "You can specify an exact match or a partial match by using a field operator and a field value. Available options: EQUALS: The operator matches if the field value equals the specified value. STARTS_WITH: The operator matches if the field value starts with the specified value. ENDS_WITH: The operator matches if the field value ends with the specified value. CONTAINS: The operator matches if the field value contains the specified value. EQUALS_ANY: The operator matches if the field value is any value.", + "type": "string" + }, + "value": { + "description": "A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.", + "type": "string" + } + }, + "required": [ + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "targetRuleIds": { + "description": "A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.", + "items": { + "type": "string" + }, + "type": "array" + }, + "targetRuleSet": { + "description": "Target WAF rule set to apply the preconfigured WAF exclusion.", + "type": "string" + } + }, + "required": [ + "targetRuleSet" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "preview": { + "description": "When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.", + "type": "boolean" + }, + "priority": { + "description": "An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.", + "type": "integer" + }, + "rateLimitOptions": { + "description": "Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.", + "properties": { + "banDurationSec": { + "description": "Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.", + "type": "integer" + }, + "banThreshold": { + "description": "Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.", + "properties": { + "count": { + "description": "Number of HTTP(S) requests for calculating the threshold.", + "type": "integer" + }, + "intervalSec": { + "description": "Interval over which the threshold is computed.", + "type": "integer" + } + }, + "required": [ + "count", + "intervalSec" + ], + "type": "object", + "additionalProperties": false + }, + "conformAction": { + "description": "Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.", + "type": "string" + }, + "enforceOnKey": { + "description": "Determines the key to enforce the rateLimitThreshold on.", + "type": "string" + }, + "enforceOnKeyConfigs": { + "description": "Enforce On Key Config of this security policy.", + "items": { + "properties": { + "enforceOnKeyName": { + "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.", + "type": "string" + }, + "enforceOnKeyType": { + "description": "Determines the key to enforce the rate_limit_threshold on.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "enforceOnKeyName": { + "description": "Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.", + "type": "string" + }, + "exceedAction": { + "description": "Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.", + "type": "string" + }, + "exceedRedirectOptions": { + "description": "Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.", + "properties": { + "target": { + "description": "Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.", + "type": "string" + }, + "type": { + "description": "Type of the redirect action.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "rateLimitThreshold": { + "description": "Threshold at which to begin ratelimiting.", + "properties": { + "count": { + "description": "Number of HTTP(S) requests for calculating the threshold.", + "type": "integer" + }, + "intervalSec": { + "description": "Interval over which the threshold is computed.", + "type": "integer" + } + }, + "required": [ + "count", + "intervalSec" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "conformAction", + "exceedAction", + "rateLimitThreshold" + ], + "type": "object", + "additionalProperties": false + }, + "redirectOptions": { + "description": "Parameters defining the redirect action. Cannot be specified for any other actions.", + "properties": { + "target": { + "description": "Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.", + "type": "string" + }, + "type": { + "description": "Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "action", + "match", + "priority" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "type": { + "description": "The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "fingerprint": { + "description": "Fingerprint of this resource.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeserviceattachment_v1beta1.json b/compute.cnrm.cloud.google.com/computeserviceattachment_v1beta1.json new file mode 100644 index 00000000..e25ac091 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeserviceattachment_v1beta1.json @@ -0,0 +1,418 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "connectionPreference": { + "description": "The connection preference of service attachment. The value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service attachment is one that always accepts the connection from consumer forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, ACCEPT_AUTOMATIC, ACCEPT_MANUAL", + "type": "string" + }, + "consumerAcceptLists": { + "description": "Projects that are allowed to connect to this service attachment.", + "items": { + "properties": { + "connectionLimit": { + "description": "The value of the limit to set.", + "format": "int64", + "type": "integer" + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project id or number for the project to set the limit for.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "consumerRejectLists": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "description": { + "description": "An optional description of this resource. Provide this property when you create the resource.", + "type": "string" + }, + "enableProxyProtocol": { + "description": "Immutable. If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.", + "type": "boolean" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "natSubnets": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "targetServiceRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URL of a service serving the endpoint identified by this service attachment.\n\nAllowed value: The `selfLink` field of a `ComputeForwardingRule` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "connectionPreference", + "location", + "natSubnets", + "projectRef", + "targetServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "connectedEndpoints": { + "description": "An array of connections for all the consumers connected to this service attachment.", + "items": { + "properties": { + "endpoint": { + "description": "The url of a connected endpoint.", + "type": "string" + }, + "pscConnectionId": { + "description": "The PSC connection id of the connected endpoint.", + "format": "int64", + "type": "integer" + }, + "status": { + "description": "The status of a connected endpoint to this service attachment. Possible values: PENDING, RUNNING, DONE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "fingerprint": { + "description": "Fingerprint of this resource. This field is used internally during updates of this resource.", + "type": "string" + }, + "id": { + "description": "The unique identifier for the resource type. The server generates this identifier.", + "format": "int64", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "pscServiceAttachmentId": { + "description": "An 128-bit global unique ID of the PSC service attachment.", + "properties": { + "high": { + "format": "int64", + "type": "integer" + }, + "low": { + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "URL of the region where the service attachment resides. This field applies only to the region resource. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.", + "type": "string" + }, + "selfLink": { + "description": "Server-defined URL for the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesharedvpchostproject_v1beta1.json b/compute.cnrm.cloud.google.com/computesharedvpchostproject_v1beta1.json new file mode 100644 index 00000000..6f7b1712 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesharedvpchostproject_v1beta1.json @@ -0,0 +1,56 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesharedvpcserviceproject_v1beta1.json b/compute.cnrm.cloud.google.com/computesharedvpcserviceproject_v1beta1.json new file mode 100644 index 00000000..64750f3e --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesharedvpcserviceproject_v1beta1.json @@ -0,0 +1,121 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "deletionPolicy": { + "description": "The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".", + "type": "string" + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesnapshot_v1beta1.json b/compute.cnrm.cloud.google.com/computesnapshot_v1beta1.json new file mode 100644 index 00000000..bfa7a499 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesnapshot_v1beta1.json @@ -0,0 +1,457 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "chainName": { + "description": "Immutable. Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.", + "type": "string" + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "snapshotEncryptionKey": { + "description": "Immutable. Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.", + "properties": { + "kmsKeyRef": { + "description": "The encryption key that is stored in Google Cloud KMS.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyServiceAccountRef": { + "description": "The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rawKey": { + "description": "Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "sha256": { + "description": "The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceDiskEncryptionKey": { + "description": "Immutable. The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.", + "properties": { + "kmsKeyServiceAccountRef": { + "description": "The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rawKey": { + "description": "Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "sourceDiskRef": { + "description": "A reference to the disk used to create this snapshot.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeDisk` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "storageLocations": { + "description": "Immutable. Cloud Storage bucket storage location of the snapshot (regional or multi-regional).", + "items": { + "type": "string" + }, + "type": "array" + }, + "zone": { + "description": "Immutable. A reference to the zone where the disk is hosted.", + "type": "string" + } + }, + "required": [ + "sourceDiskRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "diskSizeGb": { + "description": "Size of the snapshot, specified in GB.", + "type": "integer" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "licenses": { + "description": "A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.", + "items": { + "type": "string" + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "snapshotId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "storageBytes": { + "description": "A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesslcertificate_v1beta1.json b/compute.cnrm.cloud.google.com/computesslcertificate_v1beta1.json new file mode 100644 index 00000000..72d27242 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesslcertificate_v1beta1.json @@ -0,0 +1,215 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "certificate": { + "description": "Immutable. The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "location": { + "description": "Location represents the geographical location of the ComputeSSLCertificate. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "privateKey": { + "description": "Immutable. The write-only private key in PEM format.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "key", + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "certificate", + "location", + "privateKey" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "certificateId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "expireTime": { + "description": "Expire time of the certificate in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesslpolicy_v1beta1.json b/compute.cnrm.cloud.google.com/computesslpolicy_v1beta1.json new file mode 100644 index 00000000..7df90b80 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesslpolicy_v1beta1.json @@ -0,0 +1,103 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "customFeatures": { + "description": "Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "minTlsVersion": { + "description": "The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"].", + "type": "string" + }, + "profile": { + "description": "Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "enabledFeatures": { + "description": "The list of features enabled in the SSL policy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fingerprint": { + "description": "Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computesubnetwork_v1beta1.json b/compute.cnrm.cloud.google.com/computesubnetwork_v1beta1.json new file mode 100644 index 00000000..34468d67 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computesubnetwork_v1beta1.json @@ -0,0 +1,238 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.", + "type": "string" + }, + "ipCidrRange": { + "description": "The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.", + "type": "string" + }, + "ipv6AccessType": { + "description": "The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"].", + "type": "string" + }, + "logConfig": { + "description": "This field denotes the VPC flow logging options for this subnetwork. If\nlogging is enabled, logs are exported to Cloud Logging. Flow logging\nisn't supported if the subnet 'purpose' field is set to subnetwork is\n'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.", + "properties": { + "aggregationInterval": { + "description": "Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"].", + "type": "string" + }, + "filterExpr": { + "description": "Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.", + "type": "string" + }, + "flowSampling": { + "description": "Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.", + "type": "number" + }, + "metadata": { + "description": "Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"].", + "type": "string" + }, + "metadataFields": { + "description": "List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "description": "The network this subnet belongs to. Only networks that are in the\ndistributed mode can have subnetworks.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "privateIpGoogleAccess": { + "description": "When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.", + "type": "boolean" + }, + "privateIpv6GoogleAccess": { + "description": "The private IPv6 google access type for the VMs in this subnet.", + "type": "string" + }, + "purpose": { + "description": "Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', or 'PRIVATE_SERVICE_CONNECT'.\nA subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nNote that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers.\nIf unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.", + "type": "string" + }, + "region": { + "description": "Immutable. The GCP region for this subnetwork.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "role": { + "description": "The role of subnetwork.\nCurrently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: [\"ACTIVE\", \"BACKUP\"].", + "type": "string" + }, + "secondaryIpRange": { + "items": { + "properties": { + "ipCidrRange": { + "description": "The range of IP addresses belonging to this subnetwork secondary\nrange. Provide this property when you create the subnetwork.\nRanges must be unique and non-overlapping with all primary and\nsecondary IP ranges within a network. Only IPv4 is supported.", + "type": "string" + }, + "rangeName": { + "description": "The name associated with this subnetwork secondary range, used\nwhen adding an alias IP range to a VM instance. The name must\nbe 1-63 characters long, and comply with RFC1035. The name\nmust be unique within the subnetwork.", + "type": "string" + } + }, + "required": [ + "ipCidrRange", + "rangeName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "stackType": { + "description": "The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"].", + "type": "string" + } + }, + "required": [ + "ipCidrRange", + "networkRef", + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "externalIpv6Prefix": { + "description": "The range of external IPv6 addresses that are owned by this subnetwork.", + "type": "string" + }, + "fingerprint": { + "description": "DEPRECATED. This field is not useful for users, and has been removed as an output. Fingerprint of this resource. This field is used internally during updates of this resource.", + "type": "string" + }, + "gatewayAddress": { + "description": "The gateway address for default routes to reach destination addresses\noutside this subnetwork.", + "type": "string" + }, + "internalIpv6Prefix": { + "description": "The internal IPv6 address range that is assigned to this subnetwork.", + "type": "string" + }, + "ipv6CidrRange": { + "description": "The range of internal IPv6 addresses that are owned by this subnetwork.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargetgrpcproxy_v1beta1.json b/compute.cnrm.cloud.google.com/computetargetgrpcproxy_v1beta1.json new file mode 100644 index 00000000..95c9776c --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargetgrpcproxy_v1beta1.json @@ -0,0 +1,139 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "An optional description of this resource.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "urlMapRef": { + "description": "The UrlMap resource that defines the mapping from URL to the BackendService.\nThe protocol field in the BackendService must be set to GRPC.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeURLMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "validateForProxyless": { + "description": "Immutable. If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "fingerprint": { + "description": "Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "selfLinkWithId": { + "description": "Server-defined URL with id for the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargethttpproxy_v1beta1.json b/compute.cnrm.cloud.google.com/computetargethttpproxy_v1beta1.json new file mode 100644 index 00000000..c5bafb8e --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargethttpproxy_v1beta1.json @@ -0,0 +1,150 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "httpKeepAliveTimeoutSec": { + "description": "Immutable. Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.", + "type": "integer" + }, + "location": { + "description": "Location represents the geographical location of the ComputeTargetHTTPProxy. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "proxyBind": { + "description": "Immutable. This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.", + "type": "boolean" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "urlMapRef": { + "description": "A reference to the ComputeURLMap resource that defines the mapping\nfrom URL to the BackendService.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeURLMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "urlMapRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "proxyId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargethttpsproxy_v1beta1.json b/compute.cnrm.cloud.google.com/computetargethttpsproxy_v1beta1.json new file mode 100644 index 00000000..20e82905 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargethttpsproxy_v1beta1.json @@ -0,0 +1,357 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "certificateMapRef": { + "description": "A reference to the CertificateMap resource uri that identifies a\ncertificate map associated with the given target proxy. This field\ncan only be set for global target proxies.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, where {{value}} is the `name` field of a `CertificateManagerCertificateMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "httpKeepAliveTimeoutSec": { + "description": "Immutable. Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.", + "type": "integer" + }, + "location": { + "description": "Location represents the geographical location of the ComputeTargetHTTPSProxy. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "proxyBind": { + "description": "Immutable. This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.", + "type": "boolean" + }, + "quicOverride": { + "description": "Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serverTlsPolicyRef": { + "description": "Immutable. A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{value}}`, where {{value}} is the `name` field of a `NetworkSecurityServerTLSPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sslCertificates": { + "items": { + "description": "A list of ComputeSSLCertificate resources that are used to\nauthenticate connections between users and the load balancer. At\nleast one SSL certificate must be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSSLCertificate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sslPolicyRef": { + "description": "A reference to the ComputeSSLPolicy resource that will be\nassociated with the ComputeTargetHTTPSProxy resource. If not set,\nthe ComputeTargetHTTPSProxy resource will not have any SSL policy\nconfigured.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSSLPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "urlMapRef": { + "description": "A reference to the ComputeURLMap resource that defines the mapping\nfrom URL to the BackendService.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeURLMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "urlMapRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "proxyId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargetinstance_v1beta1.json b/compute.cnrm.cloud.google.com/computetargetinstance_v1beta1.json new file mode 100644 index 00000000..dba7a05d --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargetinstance_v1beta1.json @@ -0,0 +1,242 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "instanceRef": { + "description": "The ComputeInstance handling traffic for this target instance.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "natPolicy": { + "description": "Immutable. NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"].", + "type": "string" + }, + "networkRef": { + "description": "The network this target instance uses to forward\ntraffic. If not specified, the traffic will be forwarded to the network\nthat the default network interface belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "securityPolicyRef": { + "description": "The resource URL for the security policy associated with this target instance.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "zone": { + "description": "Immutable. URL of the zone where the target instance resides.", + "type": "string" + } + }, + "required": [ + "instanceRef", + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargetpool_v1beta1.json b/compute.cnrm.cloud.google.com/computetargetpool_v1beta1.json new file mode 100644 index 00000000..0ab65cfd --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargetpool_v1beta1.json @@ -0,0 +1,301 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "backupTargetPoolRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetPool` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. Textual description field.", + "type": "string" + }, + "failoverRatio": { + "description": "Immutable. Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).", + "type": "number" + }, + "healthChecks": { + "items": { + "properties": { + "httpHealthCheckRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "instances": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "region": { + "description": "Immutable. Where the target pool resides. Defaults to project region.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "securityPolicyRef": { + "description": "The resource URL for the security policy associated with this target pool.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionAffinity": { + "description": "Immutable. How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").", + "type": "string" + } + }, + "required": [ + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargetsslproxy_v1beta1.json b/compute.cnrm.cloud.google.com/computetargetsslproxy_v1beta1.json new file mode 100644 index 00000000..022ca3a5 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargetsslproxy_v1beta1.json @@ -0,0 +1,294 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "backendServiceRef": { + "description": "A reference to the ComputeBackendService resource.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateMapRef": { + "description": "A reference to the CertificateMap resource uri that identifies a\ncertificate map associated with the given target proxy. This\nfield can only be set for global target proxies. Accepted format is\n'//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `CertificateManagerCertificateMap` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "sslCertificates": { + "items": { + "description": "A list of ComputeSSLCertificate resources that are used to\nauthenticate connections between users and the load balancer.\nCurrently, exactly one SSL certificate must be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSSLCertificate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sslPolicyRef": { + "description": "A reference to the ComputeSSLPolicy resource that will be\nassociated with the TargetSslProxy resource. If not set, the\nComputeTargetSSLProxy resource will not have any SSL policy\nconfigured.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSSLPolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "backendServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "proxyId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargettcpproxy_v1beta1.json b/compute.cnrm.cloud.google.com/computetargettcpproxy_v1beta1.json new file mode 100644 index 00000000..519e2372 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargettcpproxy_v1beta1.json @@ -0,0 +1,145 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "backendServiceRef": { + "description": "A reference to the ComputeBackendService resource.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "proxyBind": { + "description": "Immutable. This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.", + "type": "boolean" + }, + "proxyHeader": { + "description": "Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "backendServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "proxyId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computetargetvpngateway_v1beta1.json b/compute.cnrm.cloud.google.com/computetargetvpngateway_v1beta1.json new file mode 100644 index 00000000..a81ebe2a --- /dev/null +++ b/compute.cnrm.cloud.google.com/computetargetvpngateway_v1beta1.json @@ -0,0 +1,142 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "networkRef": { + "description": "The network this VPN gateway is accepting traffic for.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. The region this gateway should sit in.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "networkRef", + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "gatewayId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computeurlmap_v1beta1.json b/compute.cnrm.cloud.google.com/computeurlmap_v1beta1.json new file mode 100644 index 00000000..14349440 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computeurlmap_v1beta1.json @@ -0,0 +1,2703 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "defaultRouteAction": { + "description": "defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.", + "properties": { + "corsPolicy": { + "description": "The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/).", + "properties": { + "allowCredentials": { + "description": "In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.", + "type": "boolean" + }, + "allowHeaders": { + "description": "Specifies the content for the Access-Control-Allow-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowMethods": { + "description": "Specifies the content for the Access-Control-Allow-Methods header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOriginRegexes": { + "description": "Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOrigins": { + "description": "Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "disabled": { + "description": "If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.", + "type": "boolean" + }, + "exposeHeaders": { + "description": "Specifies the content for the Access-Control-Expose-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxAge": { + "description": "Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "faultInjectionPolicy": { + "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).", + "properties": { + "abort": { + "description": "The specification for how client requests are aborted as part of fault injection.", + "properties": { + "httpStatus": { + "description": "The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.", + "type": "integer" + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "delay": { + "description": "The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.", + "properties": { + "fixedDelay": { + "description": "Specifies the value of the fixed delay interval.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "requestMirrorPolicy": { + "description": "Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.", + "properties": { + "backendServiceRef": { + "description": "The backend service resource being mirrored to.\nThe backend service configured for a mirroring policy must reference\nbackends that are of the same type as the original backend service\nmatched in the URL map.\nServerless NEG backends are not currently supported as a mirrored\nbackend service.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "retryPolicy": { + "description": "Specifies the retry policy associated with this route.", + "properties": { + "numRetries": { + "description": "Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1.", + "type": "integer" + }, + "perTryTimeout": { + "description": "Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "retryConditions": { + "description": "Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "urlRewrite": { + "description": "The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.", + "properties": { + "hostRewrite": { + "description": "Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.", + "type": "string" + }, + "pathPrefixRewrite": { + "description": "Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weightedBackendServices": { + "description": "A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.", + "items": { + "properties": { + "backendServiceRef": { + "description": "The default backend service resource.\nBefore forwarding the request to backendService, the loadbalancer\napplies any relevant headerActions specified as part of this\nbackendServiceWeight.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request before forwarding the request to the backendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response before sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response before sending the response back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "defaultService": { + "description": "The defaultService resource to which traffic is directed if none of\nthe hostRules match.\nFor the Global URL Map, it should be a reference to the backend\nservice or backend bucket.\nFor the Regional URL Map, it should be a reference to the backend\nservice.\nIf defaultRouteAction is additionally specified, advanced routing\nactions like URL Rewrites, etc. take effect prior to sending the\nrequest to the backend. However, if defaultService is specified,\ndefaultRouteAction cannot contain any weightedBackendServices.\nConversely, if routeAction specifies any weightedBackendServices,\nservice must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService\nmust be set.", + "oneOf": [ + { + "required": [ + "backendBucketRef" + ] + }, + { + "required": [ + "backendServiceRef" + ] + } + ], + "properties": { + "backendBucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "backendServiceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "defaultUrlRedirect": { + "description": "When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.", + "properties": { + "hostRedirect": { + "description": "The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.", + "type": "string" + }, + "httpsRedirect": { + "description": "If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.", + "type": "boolean" + }, + "pathRedirect": { + "description": "The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.", + "type": "string" + }, + "prefixRedirect": { + "description": "The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.", + "type": "string" + }, + "redirectResponseCode": { + "description": "The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"].", + "type": "string" + }, + "stripQuery": { + "description": "If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.", + "type": "boolean" + } + }, + "required": [ + "stripQuery" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "An optional description of this resource. Provide this property when\nyou create the resource.", + "type": "string" + }, + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request prior to forwarding the request to the\nbackendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response prior to sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "hostRule": { + "description": "The list of HostRules to use against the URL.", + "items": { + "properties": { + "description": { + "description": "An optional description of this HostRule. Provide this property\nwhen you create the resource.", + "type": "string" + }, + "hosts": { + "description": "The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..", + "items": { + "type": "string" + }, + "type": "array" + }, + "pathMatcher": { + "description": "The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.", + "type": "string" + } + }, + "required": [ + "hosts", + "pathMatcher" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "description": "Location represents the geographical location of the ComputeURLMap. Specify a region name or \"global\" for global resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "pathMatcher": { + "description": "The list of named PathMatchers to use against the URL.", + "items": { + "properties": { + "defaultRouteAction": { + "description": "defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.", + "properties": { + "corsPolicy": { + "description": "The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/).", + "properties": { + "allowCredentials": { + "description": "In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.", + "type": "boolean" + }, + "allowHeaders": { + "description": "Specifies the content for the Access-Control-Allow-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowMethods": { + "description": "Specifies the content for the Access-Control-Allow-Methods header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOriginRegexes": { + "description": "Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOrigins": { + "description": "Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "disabled": { + "description": "If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.", + "type": "boolean" + }, + "exposeHeaders": { + "description": "Specifies the content for the Access-Control-Expose-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxAge": { + "description": "Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "faultInjectionPolicy": { + "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.", + "properties": { + "abort": { + "description": "The specification for how client requests are aborted as part of fault injection.", + "properties": { + "httpStatus": { + "description": "The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.", + "type": "integer" + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "delay": { + "description": "The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.", + "properties": { + "fixedDelay": { + "description": "Specifies the value of the fixed delay interval.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "requestMirrorPolicy": { + "description": "Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.", + "properties": { + "backendServiceRef": { + "description": "Required. The backend service resource being mirrored to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "backendServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "retryPolicy": { + "description": "Specifies the retry policy associated with this route.", + "properties": { + "numRetries": { + "description": "Specifies the allowed number retries. This number must be > 0. If not specified, defaults to 1.", + "type": "integer" + }, + "perTryTimeout": { + "description": "Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "retryConditions": { + "description": "Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "urlRewrite": { + "description": "The spec to modify the URL of the request, prior to forwarding the request to the matched service.", + "properties": { + "hostRewrite": { + "description": "Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.", + "type": "string" + }, + "pathPrefixRewrite": { + "description": "Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weightedBackendServices": { + "description": "A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.", + "items": { + "properties": { + "backendServiceRef": { + "description": "The default backend service resource.\nBefore forwarding the request to backendService, the loadbalancer\napplies any relevant headerActions specified as part of this\nbackendServiceWeight.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request prior to forwarding the request to the backendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header to add.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response prior to sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header to add.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "defaultService": { + "description": "The default service to use if none of the pathRules defined by this\nPathMatcher is matched by the URL's path portion.\nFor the Global URL Map, it should be a reference to the backend\nservice or backend bucket.\nFor the Regional URL Map, it should be a reference to the backend\nservice.", + "oneOf": [ + { + "required": [ + "backendBucketRef" + ] + }, + { + "required": [ + "backendServiceRef" + ] + } + ], + "properties": { + "backendBucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "backendServiceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "defaultUrlRedirect": { + "description": "When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.", + "properties": { + "hostRedirect": { + "description": "The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.", + "type": "string" + }, + "httpsRedirect": { + "description": "If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.", + "type": "boolean" + }, + "pathRedirect": { + "description": "The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.", + "type": "string" + }, + "prefixRedirect": { + "description": "The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.", + "type": "string" + }, + "redirectResponseCode": { + "description": "The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"].", + "type": "string" + }, + "stripQuery": { + "description": "If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.", + "type": "boolean" + } + }, + "required": [ + "stripQuery" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "An optional description of this resource.", + "type": "string" + }, + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request prior to forwarding the request to the\nbackendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response prior to sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "The name to which this PathMatcher is referred by the HostRule.", + "type": "string" + }, + "pathRule": { + "description": "The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.", + "items": { + "properties": { + "paths": { + "description": "The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.", + "items": { + "type": "string" + }, + "type": "array" + }, + "routeAction": { + "description": "In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.", + "properties": { + "corsPolicy": { + "description": "The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing.", + "properties": { + "allowCredentials": { + "description": "In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.", + "type": "boolean" + }, + "allowHeaders": { + "description": "Specifies the content for the Access-Control-Allow-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowMethods": { + "description": "Specifies the content for the Access-Control-Allow-Methods header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOriginRegexes": { + "description": "Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOrigins": { + "description": "Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.", + "items": { + "type": "string" + }, + "type": "array" + }, + "disabled": { + "description": "If true, specifies the CORS policy is disabled.", + "type": "boolean" + }, + "exposeHeaders": { + "description": "Specifies the content for the Access-Control-Expose-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxAge": { + "description": "Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.", + "type": "integer" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "faultInjectionPolicy": { + "description": "The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.", + "properties": { + "abort": { + "description": "The specification for how client requests are aborted as part of fault\ninjection.", + "properties": { + "httpStatus": { + "description": "The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.", + "type": "integer" + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.", + "type": "number" + } + }, + "required": [ + "httpStatus", + "percentage" + ], + "type": "object", + "additionalProperties": false + }, + "delay": { + "description": "The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.", + "properties": { + "fixedDelay": { + "description": "Specifies the value of the fixed delay interval.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "string" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.", + "type": "number" + } + }, + "required": [ + "fixedDelay", + "percentage" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "requestMirrorPolicy": { + "description": "Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.", + "properties": { + "backendServiceRef": { + "description": "Required. The backend service resource being mirrored to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "backendServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "retryPolicy": { + "description": "Specifies the retry policy associated with this route.", + "properties": { + "numRetries": { + "description": "Specifies the allowed number retries. This number must be > 0.", + "type": "integer" + }, + "perTryTimeout": { + "description": "Specifies a non-zero timeout per retry attempt.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "string" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "retryConditions": { + "description": "Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "string" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "urlRewrite": { + "description": "The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service.", + "properties": { + "hostRewrite": { + "description": "Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.", + "type": "string" + }, + "pathPrefixRewrite": { + "description": "Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weightedBackendServices": { + "description": "A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.", + "items": { + "properties": { + "backendServiceRef": { + "description": "Required. The default backend service resource. Before forwarding\nthe request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request prior to forwarding the request to the\nbackendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response prior to sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000.", + "type": "integer" + } + }, + "required": [ + "backendServiceRef", + "weight" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "service": { + "description": "The backend service to which traffic is directed if this rule is\nmatched.\nFor the Global URL Map, it should be a reference to the backend\nservice or backend bucket.\nFor the Regional URL Map, it should be a reference to the backend\nservice.\nIf routeAction is additionally specified, advanced routing actions\nlike URL Rewrites, etc. take effect prior to sending the request to\nthe backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendServices. Conversely, if routeAction\nspecifies any weightedBackendServices, service must not be\nspecified. Only one of urlRedirect, service or\nrouteAction.weightedBackendService must be set.", + "oneOf": [ + { + "required": [ + "backendBucketRef" + ] + }, + { + "required": [ + "backendServiceRef" + ] + } + ], + "properties": { + "backendBucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "backendServiceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "urlRedirect": { + "description": "When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.", + "properties": { + "hostRedirect": { + "description": "The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.", + "type": "string" + }, + "httpsRedirect": { + "description": "If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.", + "type": "boolean" + }, + "pathRedirect": { + "description": "The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.", + "type": "string" + }, + "prefixRedirect": { + "description": "The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.", + "type": "string" + }, + "redirectResponseCode": { + "description": "The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"].", + "type": "string" + }, + "stripQuery": { + "description": "If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.", + "type": "boolean" + } + }, + "required": [ + "stripQuery" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "paths" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "routeRules": { + "description": "The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.", + "items": { + "properties": { + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request prior to forwarding the request to the\nbackendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response prior to sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "matchRules": { + "description": "The rules for determining a match.", + "items": { + "properties": { + "fullPathMatch": { + "description": "For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.", + "type": "string" + }, + "headerMatches": { + "description": "Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.", + "items": { + "properties": { + "exactMatch": { + "description": "The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.", + "type": "string" + }, + "headerName": { + "description": "The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".", + "type": "string" + }, + "invertMatch": { + "description": "If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.", + "type": "boolean" + }, + "prefixMatch": { + "description": "The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.", + "type": "string" + }, + "presentMatch": { + "description": "A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.", + "type": "boolean" + }, + "rangeMatch": { + "description": "The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.", + "properties": { + "rangeEnd": { + "description": "The end of the range (exclusive).", + "type": "integer" + }, + "rangeStart": { + "description": "The start of the range (inclusive).", + "type": "integer" + } + }, + "required": [ + "rangeEnd", + "rangeStart" + ], + "type": "object", + "additionalProperties": false + }, + "regexMatch": { + "description": "The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.", + "type": "string" + }, + "suffixMatch": { + "description": "The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.", + "type": "string" + } + }, + "required": [ + "headerName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ignoreCase": { + "description": "Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.", + "type": "boolean" + }, + "metadataFilters": { + "description": "Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.", + "items": { + "properties": { + "filterLabels": { + "description": "The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.", + "items": { + "properties": { + "name": { + "description": "Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.", + "type": "string" + }, + "value": { + "description": "The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "filterMatchCriteria": { + "description": "Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"].", + "type": "string" + } + }, + "required": [ + "filterLabels", + "filterMatchCriteria" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "pathTemplateMatch": { + "description": "For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.", + "type": "string" + }, + "prefixMatch": { + "description": "For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.", + "type": "string" + }, + "queryParameterMatches": { + "description": "Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.", + "items": { + "properties": { + "exactMatch": { + "description": "The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.", + "type": "string" + }, + "name": { + "description": "The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.", + "type": "string" + }, + "presentMatch": { + "description": "Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.", + "type": "boolean" + }, + "regexMatch": { + "description": "The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "regexMatch": { + "description": "For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "priority": { + "description": "For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.", + "type": "integer" + }, + "routeAction": { + "description": "In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.", + "properties": { + "corsPolicy": { + "description": "The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing.", + "properties": { + "allowCredentials": { + "description": "In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.", + "type": "boolean" + }, + "allowHeaders": { + "description": "Specifies the content for the Access-Control-Allow-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowMethods": { + "description": "Specifies the content for the Access-Control-Allow-Methods header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOriginRegexes": { + "description": "Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOrigins": { + "description": "Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.", + "items": { + "type": "string" + }, + "type": "array" + }, + "disabled": { + "description": "If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.", + "type": "boolean" + }, + "exposeHeaders": { + "description": "Specifies the content for the Access-Control-Expose-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxAge": { + "description": "Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "faultInjectionPolicy": { + "description": "The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.", + "properties": { + "abort": { + "description": "The specification for how client requests are aborted as part of fault\ninjection.", + "properties": { + "httpStatus": { + "description": "The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.", + "type": "integer" + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "delay": { + "description": "The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.", + "properties": { + "fixedDelay": { + "description": "Specifies the value of the fixed delay interval.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "string" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "percentage": { + "description": "The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "requestMirrorPolicy": { + "description": "Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.", + "properties": { + "backendServiceRef": { + "description": "Required. The backend service resource being mirrored to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "backendServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "retryPolicy": { + "description": "Specifies the retry policy associated with this route.", + "properties": { + "numRetries": { + "description": "Specifies the allowed number retries. This number must be > 0.", + "type": "integer" + }, + "perTryTimeout": { + "description": "Specifies a non-zero timeout per retry attempt.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "string" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "retryConditions": { + "description": "Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "numRetries" + ], + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.", + "properties": { + "nanos": { + "description": "Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.", + "type": "integer" + }, + "seconds": { + "description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.", + "type": "string" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "urlRewrite": { + "description": "The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service.", + "properties": { + "hostRewrite": { + "description": "Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.", + "type": "string" + }, + "pathPrefixRewrite": { + "description": "Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.", + "type": "string" + }, + "pathTemplateRewrite": { + "description": "Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weightedBackendServices": { + "description": "A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.", + "items": { + "properties": { + "backendServiceRef": { + "description": "Required. The default backend service resource. Before forwarding\nthe request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "headerAction": { + "description": "Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.", + "properties": { + "requestHeadersToAdd": { + "description": "Headers to add to a matching request prior to forwarding the request to the\nbackendService.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requestHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeadersToAdd": { + "description": "Headers to add the response prior to sending the response back to the client.", + "items": { + "properties": { + "headerName": { + "description": "The name of the header.", + "type": "string" + }, + "headerValue": { + "description": "The value of the header to add.", + "type": "string" + }, + "replace": { + "description": "If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.", + "type": "boolean" + } + }, + "required": [ + "headerName", + "headerValue", + "replace" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "responseHeadersToRemove": { + "description": "A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000.", + "type": "integer" + } + }, + "required": [ + "backendServiceRef", + "weight" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "service": { + "description": "The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.", + "type": "string" + }, + "urlRedirect": { + "description": "When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.", + "properties": { + "hostRedirect": { + "description": "The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.", + "type": "string" + }, + "httpsRedirect": { + "description": "If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.", + "type": "boolean" + }, + "pathRedirect": { + "description": "The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.", + "type": "string" + }, + "prefixRedirect": { + "description": "The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.", + "type": "string" + }, + "redirectResponseCode": { + "description": "The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"].", + "type": "string" + }, + "stripQuery": { + "description": "If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "priority" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "test": { + "description": "The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.", + "items": { + "properties": { + "description": { + "description": "Description of this test case.", + "type": "string" + }, + "host": { + "description": "Host portion of the URL.", + "type": "string" + }, + "path": { + "description": "Path portion of the URL.", + "type": "string" + }, + "service": { + "description": "The backend service resource that should be matched by this test.\nFor the Global URL Map, it should be a reference to the backend\nservice or backend bucket.\nFor the Regional URL Map, it should be a reference to the backend\nservice.", + "oneOf": [ + { + "required": [ + "backendBucketRef" + ] + }, + { + "required": [ + "backendServiceRef" + ] + } + ], + "properties": { + "backendBucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "backendServiceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeBackendService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "host", + "path", + "service" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "fingerprint": { + "description": "Fingerprint of this resource. This field is used internally during\nupdates of this resource.", + "type": "string" + }, + "mapId": { + "description": "The unique identifier for the resource.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computevpngateway_v1beta1.json b/compute.cnrm.cloud.google.com/computevpngateway_v1beta1.json new file mode 100644 index 00000000..0343b205 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computevpngateway_v1beta1.json @@ -0,0 +1,206 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "networkRef": { + "description": "The network this VPN gateway is accepting traffic for.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. The region this gateway should sit in.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "stackType": { + "description": "Immutable. The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"].", + "type": "string" + }, + "vpnInterfaces": { + "description": "Immutable. A list of interfaces on this VPN gateway.", + "items": { + "properties": { + "id": { + "description": "Immutable. The numeric ID of this VPN gateway interface.", + "type": "integer" + }, + "interconnectAttachmentRef": { + "description": "Immutable. When this value is present, the VPN Gateway will be used\nfor IPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the specified\ninterconnect attachment resource. Not currently available publicly.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ipAddress": { + "description": "The external IP address for this VPN gateway interface.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "networkRef", + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/compute.cnrm.cloud.google.com/computevpntunnel_v1beta1.json b/compute.cnrm.cloud.google.com/computevpntunnel_v1beta1.json new file mode 100644 index 00000000..4bc737b5 --- /dev/null +++ b/compute.cnrm.cloud.google.com/computevpntunnel_v1beta1.json @@ -0,0 +1,443 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. An optional description of this resource.", + "type": "string" + }, + "ikeVersion": { + "description": "Immutable. IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.", + "type": "integer" + }, + "localTrafficSelector": { + "description": "Immutable. Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "peerExternalGatewayInterface": { + "description": "Immutable. The interface ID of the external VPN gateway to which this VPN tunnel is connected.", + "type": "integer" + }, + "peerExternalGatewayRef": { + "description": "The peer side external VPN gateway to which this VPN tunnel\nis connected.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeExternalVPNGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "peerGCPGatewayRef": { + "description": "The peer side HA GCP VPN gateway to which this VPN tunnel is\nconnected. If provided, the VPN tunnel will automatically use the\nsame VPN gateway interface ID in the peer GCP VPN gateway.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeVPNGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "peerIp": { + "description": "Immutable. IP address of the peer VPN gateway. Only IPv4 is supported.", + "type": "string" + }, + "region": { + "description": "Immutable. The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.", + "type": "string" + }, + "remoteTrafficSelector": { + "description": "Immutable. Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "routerRef": { + "description": "The router to be used for dynamic routing.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeRouter` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sharedSecret": { + "description": "Immutable. Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "targetVPNGatewayRef": { + "description": "The ComputeTargetVPNGateway with which this VPN tunnel is\nassociated.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "vpnGatewayInterface": { + "description": "Immutable. The interface ID of the VPN gateway with which this VPN tunnel is associated.", + "type": "integer" + }, + "vpnGatewayRef": { + "description": "The ComputeVPNGateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is\ncreated.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeVPNGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "region", + "sharedSecret" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTimestamp": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "detailedStatus": { + "description": "Detailed status message for the VPN tunnel.", + "type": "string" + }, + "labelFingerprint": { + "description": "The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + }, + "sharedSecretHash": { + "description": "Hash of the shared secret.", + "type": "string" + }, + "tunnelId": { + "description": "The unique identifier for the resource. This identifier is defined by the server.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/configcontroller.cnrm.cloud.google.com/configcontrollerinstance_v1beta1.json b/configcontroller.cnrm.cloud.google.com/configcontrollerinstance_v1beta1.json new file mode 100644 index 00000000..a28ceca8 --- /dev/null +++ b/configcontroller.cnrm.cloud.google.com/configcontrollerinstance_v1beta1.json @@ -0,0 +1,312 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "managementConfig": { + "description": "Immutable. Configuration of the cluster management", + "properties": { + "fullManagementConfig": { + "description": "Immutable. Configuration of the full (Autopilot) cluster management", + "properties": { + "clusterCidrBlock": { + "description": "Immutable. The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.", + "type": "string" + }, + "clusterNamedRange": { + "description": "Immutable. The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_cidr_block can be used to automatically create a GKE-managed one.", + "type": "string" + }, + "manBlock": { + "description": "Immutable. Master Authorized Network. Allows access to the k8s master from this block.", + "type": "string" + }, + "masterIPv4CidrBlock": { + "description": "Immutable. The /28 network that the masters will use.", + "type": "string" + }, + "networkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Existing VPC Network to put the GKE cluster and nodes in.\n\nAllowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "servicesCidrBlock": { + "description": "Immutable. The IP address range for the cluster service IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.", + "type": "string" + }, + "servicesNamedRange": { + "description": "Immutable. The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_cidr_block can be used to automatically create a GKE-managed one.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "standardManagementConfig": { + "description": "Immutable. Configuration of the standard (GKE) cluster management", + "properties": { + "clusterCidrBlock": { + "description": "Immutable. The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.", + "type": "string" + }, + "clusterNamedRange": { + "description": "Immutable. The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_cidr_block can be used to automatically create a GKE-managed one.", + "type": "string" + }, + "manBlock": { + "description": "Immutable. Master Authorized Network. Allows access to the k8s master from this block.", + "type": "string" + }, + "masterIPv4CidrBlock": { + "description": "Immutable. The /28 network that the masters will use.", + "type": "string" + }, + "networkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Existing VPC Network to put the GKE cluster and nodes in.\n\nAllowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "servicesCidrBlock": { + "description": "Immutable. The IP address range for the cluster service IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.", + "type": "string" + }, + "servicesNamedRange": { + "description": "Immutable. The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_cidr_block can be used to automatically create a GKE-managed one.", + "type": "string" + } + }, + "required": [ + "masterIPv4CidrBlock" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "usePrivateEndpoint": { + "description": "Immutable. Only allow access to the master's private endpoint IP.", + "type": "boolean" + } + }, + "required": [ + "location", + "managementConfig", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "gkeResourceLink": { + "description": "Output only. KrmApiHost GCP self link used for identifying the underlying endpoint (GKE cluster currently).", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. The current state of the internal state machine for the KrmApiHost. Possible values: STATE_UNSPECIFIED, CREATING, RUNNING, DELETING, SUSPENDED, READ_ONLY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/container.cnrm.cloud.google.com/containercluster_v1beta1.json b/container.cnrm.cloud.google.com/containercluster_v1beta1.json new file mode 100644 index 00000000..4d7a95f7 --- /dev/null +++ b/container.cnrm.cloud.google.com/containercluster_v1beta1.json @@ -0,0 +1,2247 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "addonsConfig": { + "description": "The configuration for addons supported by GKE.", + "properties": { + "cloudrunConfig": { + "description": "The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.", + "properties": { + "disabled": { + "type": "boolean" + }, + "loadBalancerType": { + "type": "string" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "configConnectorConfig": { + "description": "The of the Config Connector addon.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "dnsCacheConfig": { + "description": "The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "gcePersistentDiskCsiDriverConfig": { + "description": "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "gcpFilestoreCsiDriverConfig": { + "description": "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "gcsFuseCsiDriverConfig": { + "description": "The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "gkeBackupAgentConfig": { + "description": "The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "horizontalPodAutoscaling": { + "description": "The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.", + "properties": { + "disabled": { + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "httpLoadBalancing": { + "description": "The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.", + "properties": { + "disabled": { + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "istioConfig": { + "description": "The status of the Istio addon.", + "properties": { + "auth": { + "description": "The authentication type between services in Istio. Available options include AUTH_MUTUAL_TLS.", + "type": "string" + }, + "disabled": { + "description": "The status of the Istio addon, which makes it easy to set up Istio for services in a cluster. It is disabled by default. Set disabled = false to enable.", + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "kalmConfig": { + "description": "Configuration for the KALM addon, which manages the lifecycle of k8s. It is disabled by default; Set enabled = true to enable.", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "networkPolicyConfig": { + "description": "Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.", + "properties": { + "disabled": { + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "allowNetAdmin": { + "description": "Enable NET_ADMIN for this cluster.", + "type": "boolean" + }, + "authenticatorGroupsConfig": { + "description": "Configuration for the Google Groups for GKE feature.", + "properties": { + "securityGroup": { + "description": "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.", + "type": "string" + } + }, + "required": [ + "securityGroup" + ], + "type": "object", + "additionalProperties": false + }, + "binaryAuthorization": { + "description": "Configuration options for the Binary Authorization feature.", + "properties": { + "enabled": { + "description": "DEPRECATED. Deprecated in favor of evaluation_mode. Enable Binary Authorization for this cluster.", + "type": "boolean" + }, + "evaluationMode": { + "description": "Mode of operation for Binary Authorization policy evaluation.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clusterAutoscaling": { + "description": "Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.", + "properties": { + "autoProvisioningDefaults": { + "description": "Contains defaults for a node pool created by NAP.", + "properties": { + "bootDiskKMSKeyRef": { + "description": "Immutable. The Customer Managed Encryption Key used to encrypt the\nboot disk attached to each node in the node pool.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "diskSize": { + "description": "Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.", + "type": "integer" + }, + "imageType": { + "description": "The default image type used by NAP once a new node pool is being created.", + "type": "string" + }, + "management": { + "description": "NodeManagement configuration for this NodePool.", + "properties": { + "autoRepair": { + "description": "Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.", + "type": "boolean" + }, + "autoUpgrade": { + "description": "Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.", + "type": "boolean" + }, + "upgradeOptions": { + "description": "Specifies the Auto Upgrade knobs for the node pool.", + "items": { + "properties": { + "autoUpgradeStartTime": { + "description": "This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.", + "type": "string" + }, + "description": { + "description": "This field is set when upgrades are about to commence with the description of the upgrade.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "minCpuPlatform": { + "description": "Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.", + "type": "string" + }, + "oauthScopes": { + "description": "Scopes that are used by NAP when creating node pools.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "shieldedInstanceConfig": { + "description": "Shielded Instance options.", + "properties": { + "enableIntegrityMonitoring": { + "description": "Defines whether the instance has integrity monitoring enabled.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Defines whether the instance has Secure Boot enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "upgradeSettings": { + "description": "Specifies the upgrade settings for NAP created node pools.", + "properties": { + "blueGreenSettings": { + "description": "Settings for blue-green upgrade strategy.", + "properties": { + "nodePoolSoakDuration": { + "description": "Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".", + "type": "string" + }, + "standardRolloutPolicy": { + "description": "Standard policy for the blue-green upgrade.", + "properties": { + "batchNodeCount": { + "description": "Number of blue nodes to drain in a batch.", + "type": "integer" + }, + "batchPercentage": { + "description": "Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].", + "type": "number" + }, + "batchSoakDuration": { + "description": "Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "maxSurge": { + "description": "The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.", + "type": "integer" + }, + "maxUnavailable": { + "description": "The maximum number of nodes that can be simultaneously unavailable during the upgrade process.", + "type": "integer" + }, + "strategy": { + "description": "Update strategy of the node pool.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "autoscalingProfile": { + "description": "Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.", + "type": "string" + }, + "enabled": { + "description": "Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.", + "type": "boolean" + }, + "resourceLimits": { + "description": "Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.", + "items": { + "properties": { + "maximum": { + "description": "Maximum amount of the resource in the cluster.", + "type": "integer" + }, + "minimum": { + "description": "Minimum amount of the resource in the cluster.", + "type": "integer" + }, + "resourceType": { + "description": "The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.", + "type": "string" + } + }, + "required": [ + "resourceType" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "clusterIpv4Cidr": { + "description": "Immutable. The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.", + "type": "string" + }, + "clusterTelemetry": { + "description": "Telemetry integration for the cluster.", + "properties": { + "type": { + "description": "Type of the integration.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "confidentialNodes": { + "description": "Immutable. Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.", + "properties": { + "enabled": { + "description": "Immutable. Whether Confidential Nodes feature is enabled for all nodes in this cluster.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "costManagementConfig": { + "description": "Cost management configuration for the cluster.", + "properties": { + "enabled": { + "description": "Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "databaseEncryption": { + "description": "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.", + "properties": { + "keyName": { + "description": "The key to use to encrypt/decrypt secrets.", + "type": "string" + }, + "state": { + "description": "ENCRYPTED or DECRYPTED.", + "type": "string" + } + }, + "required": [ + "state" + ], + "type": "object", + "additionalProperties": false + }, + "datapathProvider": { + "description": "Immutable. The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.", + "type": "string" + }, + "defaultMaxPodsPerNode": { + "description": "Immutable. The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.", + "type": "integer" + }, + "defaultSnatStatus": { + "description": "Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.", + "properties": { + "disabled": { + "description": "When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.", + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. Description of the cluster.", + "type": "string" + }, + "dnsConfig": { + "description": "Immutable. Configuration for Cloud DNS for Kubernetes Engine.", + "properties": { + "clusterDns": { + "description": "Which in-cluster DNS provider should be used.", + "type": "string" + }, + "clusterDnsDomain": { + "description": "The suffix used for all cluster service records.", + "type": "string" + }, + "clusterDnsScope": { + "description": "The scope of access to cluster DNS records.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "enableAutopilot": { + "description": "Immutable. Enable Autopilot for this cluster.", + "type": "boolean" + }, + "enableBinaryAuthorization": { + "description": "DEPRECATED. Deprecated in favor of binary_authorization. Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.", + "type": "boolean" + }, + "enableFqdnNetworkPolicy": { + "description": "Whether FQDN Network Policy is enabled on this cluster.", + "type": "boolean" + }, + "enableIntranodeVisibility": { + "description": "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.", + "type": "boolean" + }, + "enableK8sBetaApis": { + "description": "Configuration for Kubernetes Beta APIs.", + "properties": { + "enabledApis": { + "description": "Enabled Kubernetes Beta APIs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "enabledApis" + ], + "type": "object", + "additionalProperties": false + }, + "enableKubernetesAlpha": { + "description": "Immutable. Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.", + "type": "boolean" + }, + "enableL4IlbSubsetting": { + "description": "Whether L4ILB Subsetting is enabled for this cluster.", + "type": "boolean" + }, + "enableLegacyAbac": { + "description": "Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.", + "type": "boolean" + }, + "enableMultiNetworking": { + "description": "Immutable. Whether multi-networking is enabled for this cluster.", + "type": "boolean" + }, + "enableShieldedNodes": { + "description": "Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.", + "type": "boolean" + }, + "enableTpu": { + "description": "Immutable. Whether to enable Cloud TPU resources in this cluster.", + "type": "boolean" + }, + "gatewayApiConfig": { + "description": "Configuration for GKE Gateway API controller.", + "properties": { + "channel": { + "description": "The Gateway API release channel to use for Gateway API.", + "type": "string" + } + }, + "required": [ + "channel" + ], + "type": "object", + "additionalProperties": false + }, + "identityServiceConfig": { + "description": "Configuration for Identity Service which allows customers to use external identity providers with the K8S API.", + "properties": { + "enabled": { + "description": "Whether to enable the Identity Service component.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialNodeCount": { + "description": "Immutable. The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.", + "type": "integer" + }, + "ipAllocationPolicy": { + "description": "Immutable. Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.", + "properties": { + "additionalPodRangesConfig": { + "description": "AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.", + "properties": { + "podRangeNames": { + "description": "Name for pod secondary ipv4 range which has the actual range defined ahead.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "podRangeNames" + ], + "type": "object", + "additionalProperties": false + }, + "clusterIpv4CidrBlock": { + "description": "Immutable. The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.", + "type": "string" + }, + "clusterSecondaryRangeName": { + "description": "Immutable. The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.", + "type": "string" + }, + "podCidrOverprovisionConfig": { + "description": "Immutable. Configuration for cluster level pod cidr overprovision. Default is disabled=false.", + "properties": { + "disabled": { + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "servicesIpv4CidrBlock": { + "description": "Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.", + "type": "string" + }, + "servicesSecondaryRangeName": { + "description": "Immutable. The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.", + "type": "string" + }, + "stackType": { + "description": "Immutable. The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.", + "type": "string" + }, + "loggingConfig": { + "description": "Logging configuration for the cluster.", + "properties": { + "enableComponents": { + "description": "GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "enableComponents" + ], + "type": "object", + "additionalProperties": false + }, + "loggingService": { + "description": "The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.", + "type": "string" + }, + "maintenancePolicy": { + "description": "The maintenance policy to use for the cluster.", + "properties": { + "dailyMaintenanceWindow": { + "description": "Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM\u201d, where HH : [00-23] and MM : [00-59] GMT.", + "properties": { + "duration": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "required": [ + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "maintenanceExclusion": { + "description": "Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.", + "items": { + "properties": { + "endTime": { + "type": "string" + }, + "exclusionName": { + "type": "string" + }, + "exclusionOptions": { + "description": "Maintenance exclusion related options.", + "properties": { + "scope": { + "description": "The scope of automatic upgrades to restrict in the exclusion window.", + "type": "string" + } + }, + "required": [ + "scope" + ], + "type": "object", + "additionalProperties": false + }, + "startTime": { + "type": "string" + } + }, + "required": [ + "endTime", + "exclusionName", + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "recurringWindow": { + "description": "Time window for recurring maintenance operations.", + "properties": { + "endTime": { + "type": "string" + }, + "recurrence": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "required": [ + "endTime", + "recurrence", + "startTime" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "masterAuth": { + "description": "DEPRECATED. Basic authentication was removed for GKE cluster versions >= 1.19. The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.", + "properties": { + "clientCertificate": { + "description": "Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.", + "type": "string" + }, + "clientCertificateConfig": { + "description": "Immutable. Whether client certificate authorization is enabled for this cluster.", + "properties": { + "issueClientCertificate": { + "description": "Immutable. Whether client certificate authorization is enabled for this cluster.", + "type": "boolean" + } + }, + "required": [ + "issueClientCertificate" + ], + "type": "object", + "additionalProperties": false + }, + "clientKey": { + "description": "Base64 encoded private key used by clients to authenticate to the cluster endpoint.", + "type": "string" + }, + "clusterCaCertificate": { + "description": "Base64 encoded public certificate that is the root of trust for the cluster.", + "type": "string" + }, + "password": { + "description": "The password to use for HTTP basic authentication when accessing the Kubernetes master endpoint.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "The username to use for HTTP basic authentication when accessing the Kubernetes master endpoint. If not present basic auth will be disabled.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "masterAuthorizedNetworksConfig": { + "description": "The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).", + "properties": { + "cidrBlocks": { + "description": "External networks that can access the Kubernetes cluster master through HTTPS.", + "items": { + "properties": { + "cidrBlock": { + "description": "External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.", + "type": "string" + }, + "displayName": { + "description": "Field for users to identify CIDR blocks.", + "type": "string" + } + }, + "required": [ + "cidrBlock" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "gcpPublicCidrsAccessEnabled": { + "description": "Whether master is accessbile via Google Compute Engine Public IP addresses.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "meshCertificates": { + "description": "If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.", + "properties": { + "enableCertificates": { + "description": "When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.", + "type": "boolean" + } + }, + "required": [ + "enableCertificates" + ], + "type": "object", + "additionalProperties": false + }, + "minMasterVersion": { + "description": "The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).", + "type": "string" + }, + "monitoringConfig": { + "description": "Monitoring configuration for the cluster.", + "properties": { + "advancedDatapathObservabilityConfig": { + "description": "Configuration of Advanced Datapath Observability features.", + "items": { + "properties": { + "enableMetrics": { + "description": "Whether or not the advanced datapath metrics are enabled.", + "type": "boolean" + }, + "relayMode": { + "description": "Mode used to make Relay available.", + "type": "string" + } + }, + "required": [ + "enableMetrics" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "enableComponents": { + "description": "GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET and WORKLOADS.", + "items": { + "type": "string" + }, + "type": "array" + }, + "managedPrometheus": { + "description": "Configuration for Google Cloud Managed Services for Prometheus.", + "properties": { + "enabled": { + "description": "Whether or not the managed collection is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "monitoringService": { + "description": "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.", + "type": "string" + }, + "networkPolicy": { + "description": "Configuration options for the NetworkPolicy feature.", + "properties": { + "enabled": { + "description": "Whether network policy is enabled on the cluster.", + "type": "boolean" + }, + "provider": { + "description": "The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.", + "type": "string" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkingMode": { + "description": "Immutable. Determines whether alias IPs or routes will be used for pod IPs in the cluster.", + "type": "string" + }, + "nodeConfig": { + "description": "Immutable. The configuration of the nodepool.", + "properties": { + "advancedMachineFeatures": { + "description": "Immutable. Specifies options for controlling advanced machine features.", + "properties": { + "threadsPerCore": { + "description": "Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.", + "type": "integer" + } + }, + "required": [ + "threadsPerCore" + ], + "type": "object", + "additionalProperties": false + }, + "bootDiskKMSCryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "confidentialNodes": { + "description": "Immutable. Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.", + "properties": { + "enabled": { + "description": "Immutable. Whether Confidential Nodes feature is enabled for all nodes in this pool.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "diskSizeGb": { + "description": "Immutable. Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.", + "type": "integer" + }, + "diskType": { + "description": "Immutable. Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd.", + "type": "string" + }, + "ephemeralStorageConfig": { + "description": "Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.", + "type": "integer" + } + }, + "required": [ + "localSsdCount" + ], + "type": "object", + "additionalProperties": false + }, + "ephemeralStorageLocalSsdConfig": { + "description": "Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.", + "type": "integer" + } + }, + "required": [ + "localSsdCount" + ], + "type": "object", + "additionalProperties": false + }, + "fastSocket": { + "description": "Enable or disable NCCL Fast Socket in the node pool.", + "properties": { + "enabled": { + "description": "Whether or not NCCL Fast Socket is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "gcfsConfig": { + "description": "Immutable. GCFS configuration for this node.", + "properties": { + "enabled": { + "description": "Immutable. Whether or not GCFS is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "guestAccelerator": { + "description": "Immutable. List of the type and count of accelerator cards attached to the instance.", + "items": { + "properties": { + "count": { + "description": "Immutable. The number of the accelerator cards exposed to an instance.", + "type": "integer" + }, + "gpuDriverInstallationConfig": { + "description": "Immutable. Configuration for auto installation of GPU driver.", + "properties": { + "gpuDriverVersion": { + "description": "Immutable. Mode for how the GPU driver is installed.", + "type": "string" + } + }, + "required": [ + "gpuDriverVersion" + ], + "type": "object", + "additionalProperties": false + }, + "gpuPartitionSize": { + "description": "Immutable. Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).", + "type": "string" + }, + "gpuSharingConfig": { + "description": "Immutable. Configuration for GPU sharing.", + "properties": { + "gpuSharingStrategy": { + "description": "Immutable. The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig).", + "type": "string" + }, + "maxSharedClientsPerGpu": { + "description": "Immutable. The maximum number of containers that can share a GPU.", + "type": "integer" + } + }, + "required": [ + "gpuSharingStrategy", + "maxSharedClientsPerGpu" + ], + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The accelerator type resource name.", + "type": "string" + } + }, + "required": [ + "count", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "gvnic": { + "description": "Immutable. Enable or disable gvnic in the node pool.", + "properties": { + "enabled": { + "description": "Immutable. Whether or not gvnic is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "hostMaintenancePolicy": { + "description": "Immutable. The maintenance policy for the hosts on which the GKE VMs run on.", + "properties": { + "maintenanceInterval": { + "description": "Immutable. .", + "type": "string" + } + }, + "required": [ + "maintenanceInterval" + ], + "type": "object", + "additionalProperties": false + }, + "imageType": { + "description": "The image type to use for this node. Note that for a given image type, the latest version of it will be used.", + "type": "string" + }, + "kubeletConfig": { + "description": "Node kubelet configs.", + "properties": { + "cpuCfsQuota": { + "description": "Enable CPU CFS quota enforcement for containers that specify CPU limits.", + "type": "boolean" + }, + "cpuCfsQuotaPeriod": { + "description": "Set the CPU CFS quota period value 'cpu.cfs_period_us'.", + "type": "string" + }, + "cpuManagerPolicy": { + "description": "Control the CPU management policy on the node.", + "type": "string" + }, + "podPidsLimit": { + "description": "Controls the maximum number of processes allowed to run in a pod.", + "type": "integer" + } + }, + "required": [ + "cpuManagerPolicy" + ], + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.", + "type": "object" + }, + "linuxNodeConfig": { + "description": "Parameters that can be configured on Linux nodes.", + "properties": { + "sysctls": { + "additionalProperties": { + "type": "string" + }, + "description": "The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.", + "type": "object" + } + }, + "required": [ + "sysctls" + ], + "type": "object", + "additionalProperties": false + }, + "localNvmeSsdBlockConfig": { + "description": "Immutable. Parameters for raw-block local NVMe SSDs.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.", + "type": "integer" + } + }, + "required": [ + "localSsdCount" + ], + "type": "object", + "additionalProperties": false + }, + "localSsdCount": { + "description": "Immutable. The number of local SSD disks to be attached to the node.", + "type": "integer" + }, + "loggingVariant": { + "description": "Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.", + "type": "string" + }, + "machineType": { + "description": "Immutable. The name of a Google Compute Engine machine type.", + "type": "string" + }, + "metadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The metadata key/value pairs assigned to instances in the cluster.", + "type": "object" + }, + "minCpuPlatform": { + "description": "Immutable. Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.", + "type": "string" + }, + "nodeGroupRef": { + "description": "Immutable. Setting this field will assign instances\nof this pool to run on the specified node group. This is useful\nfor running workloads on sole tenant nodes.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeNodeGroup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "oauthScopes": { + "description": "Immutable. The set of Google API scopes to be made available on all of the node VMs.", + "items": { + "type": "string" + }, + "type": "array" + }, + "preemptible": { + "description": "Immutable. Whether the nodes are created as preemptible VM instances.", + "type": "boolean" + }, + "reservationAffinity": { + "description": "Immutable. The reservation affinity configuration for the node pool.", + "properties": { + "consumeReservationType": { + "description": "Immutable. Corresponds to the type of reservation consumption.", + "type": "string" + }, + "key": { + "description": "Immutable. The label key of a reservation resource.", + "type": "string" + }, + "values": { + "description": "Immutable. The label values of the reservation resource.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "consumeReservationType" + ], + "type": "object", + "additionalProperties": false + }, + "resourceLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "The GCE resource labels (a map of key/value pairs) to be applied to the node pool.", + "type": "object" + }, + "sandboxConfig": { + "description": "Immutable. Sandbox configuration for this node.", + "properties": { + "sandboxType": { + "description": "Type of the sandbox to use for the node (e.g. 'gvisor').", + "type": "string" + } + }, + "required": [ + "sandboxType" + ], + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "shieldedInstanceConfig": { + "description": "Immutable. Shielded Instance options.", + "properties": { + "enableIntegrityMonitoring": { + "description": "Immutable. Defines whether the instance has integrity monitoring enabled.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Immutable. Defines whether the instance has Secure Boot enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "soleTenantConfig": { + "description": "Immutable. Node affinity options for sole tenant node pools.", + "properties": { + "nodeAffinity": { + "description": "Immutable. .", + "items": { + "properties": { + "key": { + "description": "Immutable. .", + "type": "string" + }, + "operator": { + "description": "Immutable. .", + "type": "string" + }, + "values": { + "description": "Immutable. .", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator", + "values" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "nodeAffinity" + ], + "type": "object", + "additionalProperties": false + }, + "spot": { + "description": "Immutable. Whether the nodes are created as spot VM instances.", + "type": "boolean" + }, + "tags": { + "description": "The list of instance tags applied to all nodes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "taint": { + "description": "Immutable. List of Kubernetes taints to be applied to each node.", + "items": { + "properties": { + "effect": { + "description": "Immutable. Effect for taint.", + "type": "string" + }, + "key": { + "description": "Immutable. Key for taint.", + "type": "string" + }, + "value": { + "description": "Immutable. Value for taint.", + "type": "string" + } + }, + "required": [ + "effect", + "key", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "workloadMetadataConfig": { + "description": "Immutable. The workload metadata configuration for this node.", + "properties": { + "mode": { + "description": "Mode is the configuration for how to expose metadata to workloads running on the node.", + "type": "string" + }, + "nodeMetadata": { + "description": "DEPRECATED. Deprecated in favor of mode. NodeMetadata is the configuration for how to expose metadata to the workloads running on the node.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeLocations": { + "description": "The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.", + "items": { + "type": "string" + }, + "type": "array" + }, + "nodePoolAutoConfig": { + "description": "Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.", + "properties": { + "networkTags": { + "description": "Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.", + "properties": { + "tags": { + "description": "List of network tags applied to auto-provisioned node pools.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "nodePoolDefaults": { + "description": "The default nodel pool settings for the entire cluster.", + "properties": { + "nodeConfigDefaults": { + "description": "Subset of NodeConfig message that has defaults.", + "properties": { + "gcfsConfig": { + "description": "GCFS configuration for this node.", + "properties": { + "enabled": { + "description": "Whether or not GCFS is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "loggingVariant": { + "description": "Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeVersion": { + "type": "string" + }, + "notificationConfig": { + "description": "The notification config for sending cluster upgrade notifications.", + "properties": { + "pubsub": { + "description": "Notification config for Cloud Pub/Sub.", + "properties": { + "enabled": { + "description": "Whether or not the notification config is enabled.", + "type": "boolean" + }, + "filter": { + "description": "Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent.", + "properties": { + "eventType": { + "description": "Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "eventType" + ], + "type": "object", + "additionalProperties": false + }, + "topicRef": { + "description": "The PubSubTopic to send the notification to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "pubsub" + ], + "type": "object", + "additionalProperties": false + }, + "podSecurityPolicyConfig": { + "description": "Configuration for the PodSecurityPolicy feature.", + "properties": { + "enabled": { + "description": "Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "privateClusterConfig": { + "description": "Configuration for private clusters, clusters with private nodes.", + "properties": { + "enablePrivateEndpoint": { + "description": "When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.", + "type": "boolean" + }, + "enablePrivateNodes": { + "description": "Immutable. Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.", + "type": "boolean" + }, + "masterGlobalAccessConfig": { + "description": "Controls cluster master global access settings.", + "properties": { + "enabled": { + "description": "Whether the cluster master is accessible globally or not.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "masterIpv4CidrBlock": { + "description": "Immutable. The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.", + "type": "string" + }, + "peeringName": { + "description": "The name of the peering between this cluster and the Google owned VPC.", + "type": "string" + }, + "privateEndpoint": { + "description": "The internal IP address of this cluster's master endpoint.", + "type": "string" + }, + "privateEndpointSubnetworkRef": { + "description": "Immutable. Subnetwork in cluster's network where master's endpoint\nwill be provisioned.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "publicEndpoint": { + "description": "The external IP address of this cluster's master endpoint.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "privateIpv6GoogleAccess": { + "description": "The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).", + "type": "string" + }, + "protectConfig": { + "description": "Enable/Disable Protect API features for the cluster.", + "properties": { + "workloadConfig": { + "description": "WorkloadConfig defines which actions are enabled for a cluster's workload configurations.", + "properties": { + "auditMode": { + "description": "Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC.", + "type": "string" + } + }, + "required": [ + "auditMode" + ], + "type": "object", + "additionalProperties": false + }, + "workloadVulnerabilityMode": { + "description": "Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "releaseChannel": { + "description": "Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.", + "properties": { + "channel": { + "description": "The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.", + "type": "string" + } + }, + "required": [ + "channel" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "resourceUsageExportConfig": { + "description": "Configuration for the ResourceUsageExportConfig feature.", + "properties": { + "bigqueryDestination": { + "description": "Parameters for using BigQuery as the destination of resource usage export.", + "properties": { + "datasetId": { + "description": "The ID of a BigQuery Dataset.", + "type": "string" + } + }, + "required": [ + "datasetId" + ], + "type": "object", + "additionalProperties": false + }, + "enableNetworkEgressMetering": { + "description": "Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.", + "type": "boolean" + }, + "enableResourceConsumptionMetering": { + "description": "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.", + "type": "boolean" + } + }, + "required": [ + "bigqueryDestination" + ], + "type": "object", + "additionalProperties": false + }, + "securityPostureConfig": { + "description": "Defines the config needed to enable/disable features for the Security Posture API.", + "properties": { + "mode": { + "description": "Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.", + "type": "string" + }, + "vulnerabilityMode": { + "description": "Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceExternalIpsConfig": { + "description": "If set, and enabled=true, services with external ips field will not be blocked.", + "properties": { + "enabled": { + "description": "When enabled, services with exterenal ips specified will be allowed.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "verticalPodAutoscaling": { + "description": "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.", + "properties": { + "enabled": { + "description": "Enables vertical pod autoscaling.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "workloadIdentityConfig": { + "description": "Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.", + "properties": { + "identityNamespace": { + "description": "DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field.\nEnables workload identity.", + "type": "string" + }, + "workloadPool": { + "description": "The workload pool to attach all Kubernetes service accounts to.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "endpoint": { + "description": "The IP address of this cluster's Kubernetes master.", + "type": "string" + }, + "labelFingerprint": { + "description": "The fingerprint of the set of labels for this cluster.", + "type": "string" + }, + "masterVersion": { + "description": "The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "observedState": { + "description": "The observed state of the underlying GCP resource.", + "properties": { + "masterAuth": { + "description": "DEPRECATED. Basic authentication was removed for GKE cluster versions >= 1.19. The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.", + "properties": { + "clientCertificate": { + "description": "Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "operation": { + "type": "string" + }, + "selfLink": { + "description": "Server-defined URL for the resource.", + "type": "string" + }, + "servicesIpv4Cidr": { + "description": "The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.", + "type": "string" + }, + "tpuIpv4CidrBlock": { + "description": "The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/container.cnrm.cloud.google.com/containernodepool_v1beta1.json b/container.cnrm.cloud.google.com/containernodepool_v1beta1.json new file mode 100644 index 00000000..e25e316d --- /dev/null +++ b/container.cnrm.cloud.google.com/containernodepool_v1beta1.json @@ -0,0 +1,1145 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "autoscaling": { + "description": "Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage. To disable autoscaling, set minNodeCount and maxNodeCount to 0.", + "properties": { + "locationPolicy": { + "description": "Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.", + "type": "string" + }, + "maxNodeCount": { + "description": "Maximum number of nodes per zone in the node pool. Must be >= min_node_count. Cannot be used with total limits.", + "type": "integer" + }, + "minNodeCount": { + "description": "Minimum number of nodes per zone in the node pool. Must be >=0 and <= max_node_count. Cannot be used with total limits.", + "type": "integer" + }, + "totalMaxNodeCount": { + "description": "Maximum number of all nodes in the node pool. Must be >= total_min_node_count. Cannot be used with per zone limits.", + "type": "integer" + }, + "totalMinNodeCount": { + "description": "Minimum number of all nodes in the node pool. Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialNodeCount": { + "description": "Immutable. The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.", + "type": "integer" + }, + "location": { + "description": "Immutable. The location (region or zone) of the cluster.", + "type": "string" + }, + "management": { + "description": "Node management configuration, wherein auto-repair and auto-upgrade is configured.", + "properties": { + "autoRepair": { + "description": "Whether the nodes will be automatically repaired.", + "type": "boolean" + }, + "autoUpgrade": { + "description": "Whether the nodes will be automatically upgraded.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxPodsPerNode": { + "description": "Immutable. The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.", + "type": "integer" + }, + "namePrefix": { + "description": "Immutable. Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.", + "type": "string" + }, + "networkConfig": { + "description": "Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.", + "properties": { + "additionalNodeNetworkConfigs": { + "description": "Immutable. We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface.", + "items": { + "properties": { + "networkRef": { + "description": "Immutable. Name of the VPC where the additional interface belongs.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "description": "Immutable. Name of the subnetwork where the additional interface belongs.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "additionalPodNetworkConfigs": { + "description": "Immutable. We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node.", + "items": { + "properties": { + "maxPodsPerNode": { + "description": "Immutable. The maximum number of pods per node which use this pod network.", + "type": "integer" + }, + "secondaryPodRange": { + "description": "Immutable. The name of the secondary range on the subnet which provides IP address for this pod range.", + "type": "string" + }, + "subnetworkRef": { + "description": "Immutable. Name of the subnetwork where the additional pod network belongs.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createPodRange": { + "description": "Immutable. Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.", + "type": "boolean" + }, + "enablePrivateNodes": { + "description": "Whether nodes have internal IP addresses only.", + "type": "boolean" + }, + "podCidrOverprovisionConfig": { + "description": "Immutable. Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited.", + "properties": { + "disabled": { + "type": "boolean" + } + }, + "required": [ + "disabled" + ], + "type": "object", + "additionalProperties": false + }, + "podIpv4CidrBlock": { + "description": "Immutable. The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.", + "type": "string" + }, + "podRange": { + "description": "Immutable. The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeConfig": { + "description": "Immutable. The configuration of the nodepool.", + "properties": { + "advancedMachineFeatures": { + "description": "Immutable. Specifies options for controlling advanced machine features.", + "properties": { + "threadsPerCore": { + "description": "Immutable. The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.", + "type": "integer" + } + }, + "required": [ + "threadsPerCore" + ], + "type": "object", + "additionalProperties": false + }, + "bootDiskKMSCryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "confidentialNodes": { + "description": "Immutable. Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.", + "properties": { + "enabled": { + "description": "Immutable. Whether Confidential Nodes feature is enabled for all nodes in this pool.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "diskSizeGb": { + "description": "Immutable. Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.", + "type": "integer" + }, + "diskType": { + "description": "Immutable. Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd.", + "type": "string" + }, + "ephemeralStorageConfig": { + "description": "Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.", + "type": "integer" + } + }, + "required": [ + "localSsdCount" + ], + "type": "object", + "additionalProperties": false + }, + "ephemeralStorageLocalSsdConfig": { + "description": "Immutable. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.", + "type": "integer" + } + }, + "required": [ + "localSsdCount" + ], + "type": "object", + "additionalProperties": false + }, + "fastSocket": { + "description": "Enable or disable NCCL Fast Socket in the node pool.", + "properties": { + "enabled": { + "description": "Whether or not NCCL Fast Socket is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "gcfsConfig": { + "description": "Immutable. GCFS configuration for this node.", + "properties": { + "enabled": { + "description": "Immutable. Whether or not GCFS is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "guestAccelerator": { + "description": "Immutable. List of the type and count of accelerator cards attached to the instance.", + "items": { + "properties": { + "count": { + "description": "Immutable. The number of the accelerator cards exposed to an instance.", + "type": "integer" + }, + "gpuDriverInstallationConfig": { + "description": "Immutable. Configuration for auto installation of GPU driver.", + "properties": { + "gpuDriverVersion": { + "description": "Immutable. Mode for how the GPU driver is installed.", + "type": "string" + } + }, + "required": [ + "gpuDriverVersion" + ], + "type": "object", + "additionalProperties": false + }, + "gpuPartitionSize": { + "description": "Immutable. Size of partitions to create on the GPU. Valid values are described in the NVIDIA mig user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).", + "type": "string" + }, + "gpuSharingConfig": { + "description": "Immutable. Configuration for GPU sharing.", + "properties": { + "gpuSharingStrategy": { + "description": "Immutable. The type of GPU sharing strategy to enable on the GPU node. Possible values are described in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig).", + "type": "string" + }, + "maxSharedClientsPerGpu": { + "description": "Immutable. The maximum number of containers that can share a GPU.", + "type": "integer" + } + }, + "required": [ + "gpuSharingStrategy", + "maxSharedClientsPerGpu" + ], + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The accelerator type resource name.", + "type": "string" + } + }, + "required": [ + "count", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "gvnic": { + "description": "Immutable. Enable or disable gvnic in the node pool.", + "properties": { + "enabled": { + "description": "Immutable. Whether or not gvnic is enabled.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "hostMaintenancePolicy": { + "description": "Immutable. The maintenance policy for the hosts on which the GKE VMs run on.", + "properties": { + "maintenanceInterval": { + "description": "Immutable. .", + "type": "string" + } + }, + "required": [ + "maintenanceInterval" + ], + "type": "object", + "additionalProperties": false + }, + "imageType": { + "description": "The image type to use for this node. Note that for a given image type, the latest version of it will be used.", + "type": "string" + }, + "kubeletConfig": { + "description": "Node kubelet configs.", + "properties": { + "cpuCfsQuota": { + "description": "Enable CPU CFS quota enforcement for containers that specify CPU limits.", + "type": "boolean" + }, + "cpuCfsQuotaPeriod": { + "description": "Set the CPU CFS quota period value 'cpu.cfs_period_us'.", + "type": "string" + }, + "cpuManagerPolicy": { + "description": "Control the CPU management policy on the node.", + "type": "string" + }, + "podPidsLimit": { + "description": "Controls the maximum number of processes allowed to run in a pod.", + "type": "integer" + } + }, + "required": [ + "cpuManagerPolicy" + ], + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.", + "type": "object" + }, + "linuxNodeConfig": { + "description": "Parameters that can be configured on Linux nodes.", + "properties": { + "sysctls": { + "additionalProperties": { + "type": "string" + }, + "description": "The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.", + "type": "object" + } + }, + "required": [ + "sysctls" + ], + "type": "object", + "additionalProperties": false + }, + "localNvmeSsdBlockConfig": { + "description": "Immutable. Parameters for raw-block local NVMe SSDs.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.", + "type": "integer" + } + }, + "required": [ + "localSsdCount" + ], + "type": "object", + "additionalProperties": false + }, + "localSsdCount": { + "description": "Immutable. The number of local SSD disks to be attached to the node.", + "type": "integer" + }, + "loggingVariant": { + "description": "Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.", + "type": "string" + }, + "machineType": { + "description": "Immutable. The name of a Google Compute Engine machine type.", + "type": "string" + }, + "metadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The metadata key/value pairs assigned to instances in the cluster.", + "type": "object" + }, + "minCpuPlatform": { + "description": "Immutable. Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.", + "type": "string" + }, + "nodeGroupRef": { + "description": "Immutable. Setting this field will assign instances\nof this pool to run on the specified node group. This is useful\nfor running workloads on sole tenant nodes.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeNodeGroup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "oauthScopes": { + "description": "Immutable. The set of Google API scopes to be made available on all of the node VMs.", + "items": { + "type": "string" + }, + "type": "array" + }, + "preemptible": { + "description": "Immutable. Whether the nodes are created as preemptible VM instances.", + "type": "boolean" + }, + "reservationAffinity": { + "description": "Immutable. The reservation affinity configuration for the node pool.", + "properties": { + "consumeReservationType": { + "description": "Immutable. Corresponds to the type of reservation consumption.", + "type": "string" + }, + "key": { + "description": "Immutable. The label key of a reservation resource.", + "type": "string" + }, + "values": { + "description": "Immutable. The label values of the reservation resource.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "consumeReservationType" + ], + "type": "object", + "additionalProperties": false + }, + "resourceLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "The GCE resource labels (a map of key/value pairs) to be applied to the node pool.", + "type": "object" + }, + "sandboxConfig": { + "description": "Immutable. Sandbox configuration for this node.", + "properties": { + "sandboxType": { + "description": "Type of the sandbox to use for the node (e.g. 'gvisor').", + "type": "string" + } + }, + "required": [ + "sandboxType" + ], + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "shieldedInstanceConfig": { + "description": "Immutable. Shielded Instance options.", + "properties": { + "enableIntegrityMonitoring": { + "description": "Immutable. Defines whether the instance has integrity monitoring enabled.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Immutable. Defines whether the instance has Secure Boot enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "soleTenantConfig": { + "description": "Immutable. Node affinity options for sole tenant node pools.", + "properties": { + "nodeAffinity": { + "description": "Immutable. .", + "items": { + "properties": { + "key": { + "description": "Immutable. .", + "type": "string" + }, + "operator": { + "description": "Immutable. .", + "type": "string" + }, + "values": { + "description": "Immutable. .", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key", + "operator", + "values" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "nodeAffinity" + ], + "type": "object", + "additionalProperties": false + }, + "spot": { + "description": "Immutable. Whether the nodes are created as spot VM instances.", + "type": "boolean" + }, + "tags": { + "description": "The list of instance tags applied to all nodes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "taint": { + "description": "Immutable. List of Kubernetes taints to be applied to each node.", + "items": { + "properties": { + "effect": { + "description": "Immutable. Effect for taint.", + "type": "string" + }, + "key": { + "description": "Immutable. Key for taint.", + "type": "string" + }, + "value": { + "description": "Immutable. Value for taint.", + "type": "string" + } + }, + "required": [ + "effect", + "key", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "workloadMetadataConfig": { + "description": "The workload metadata configuration for this node.", + "properties": { + "mode": { + "description": "Mode is the configuration for how to expose metadata to workloads running on the node.", + "type": "string" + }, + "nodeMetadata": { + "description": "DEPRECATED. Deprecated in favor of mode. NodeMetadata is the configuration for how to expose metadata to the workloads running on the node.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeCount": { + "description": "The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.", + "type": "integer" + }, + "nodeLocations": { + "description": "The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.", + "items": { + "type": "string" + }, + "type": "array" + }, + "placementPolicy": { + "description": "Immutable. Specifies the node placement policy.", + "properties": { + "policyNameRef": { + "description": "Immutable. If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeResourcePolicy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tpuTopology": { + "description": "TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies.", + "type": "string" + }, + "type": { + "description": "Type defines the type of placement policy.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "upgradeSettings": { + "description": "Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.", + "properties": { + "blueGreenSettings": { + "description": "Settings for BlueGreen node pool upgrade.", + "properties": { + "nodePoolSoakDuration": { + "description": "Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.", + "type": "string" + }, + "standardRolloutPolicy": { + "description": "Standard rollout policy is the default policy for blue-green.", + "properties": { + "batchNodeCount": { + "description": "Number of blue nodes to drain in a batch.", + "type": "integer" + }, + "batchPercentage": { + "description": "Percentage of the blue pool nodes to drain in a batch.", + "type": "number" + }, + "batchSoakDuration": { + "description": "Soak time after each batch gets drained.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "standardRolloutPolicy" + ], + "type": "object", + "additionalProperties": false + }, + "maxSurge": { + "description": "The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.", + "type": "integer" + }, + "maxUnavailable": { + "description": "The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.", + "type": "integer" + }, + "strategy": { + "description": "Update strategy for the given nodepool.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "version": { + "type": "string" + } + }, + "required": [ + "clusterRef", + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "instanceGroupUrls": { + "description": "The resource URLs of the managed instance groups associated with this node pool.", + "items": { + "type": "string" + }, + "type": "array" + }, + "managedInstanceGroupUrls": { + "description": "List of instance group URLs which have been assigned to this node pool.", + "items": { + "type": "string" + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "observedState": { + "description": "The observed state of the underlying GCP resource.", + "properties": { + "version": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "operation": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/containeranalysis.cnrm.cloud.google.com/containeranalysisnote_v1beta1.json b/containeranalysis.cnrm.cloud.google.com/containeranalysisnote_v1beta1.json new file mode 100644 index 00000000..d0228a39 --- /dev/null +++ b/containeranalysis.cnrm.cloud.google.com/containeranalysisnote_v1beta1.json @@ -0,0 +1,618 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "attestation": { + "description": "A note describing an attestation role.", + "properties": { + "hint": { + "description": "Hint hints at the purpose of the attestation authority.", + "properties": { + "humanReadableName": { + "description": "Required. The human readable name of this attestation authority, for example \"qa\".", + "type": "string" + } + }, + "required": [ + "humanReadableName" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "build": { + "description": "A note describing build provenance for a verifiable build.", + "properties": { + "builderVersion": { + "description": "Required. Immutable. Version of the builder which produced this build.", + "type": "string" + } + }, + "required": [ + "builderVersion" + ], + "type": "object", + "additionalProperties": false + }, + "deployment": { + "description": "A note describing something that can be deployed.", + "properties": { + "resourceUri": { + "description": "Required. Resource URI for the artifact being deployed.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "resourceUri" + ], + "type": "object", + "additionalProperties": false + }, + "discovery": { + "description": "A note describing the initial analysis of a resource.", + "properties": { + "analysisKind": { + "description": "The kind of analysis that is handled by this discovery. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE", + "type": "string" + } + }, + "required": [ + "analysisKind" + ], + "type": "object", + "additionalProperties": false + }, + "expirationTime": { + "description": "Time of expiration for this note. Empty if note does not expire.", + "format": "date-time", + "type": "string" + }, + "image": { + "description": "A note describing a base image.", + "properties": { + "fingerprint": { + "description": "Required. Immutable. The fingerprint of the base image.", + "properties": { + "v1Name": { + "description": "Required. The layer ID of the final layer in the Docker image's v1 representation.", + "type": "string" + }, + "v2Blob": { + "description": "Required. The ordered list of v2 blobs that represent a given image.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "v1Name", + "v2Blob" + ], + "type": "object", + "additionalProperties": false + }, + "resourceUrl": { + "description": "Required. Immutable. The resource_url for the resource representing the basis of associated occurrence images.", + "type": "string" + } + }, + "required": [ + "fingerprint", + "resourceUrl" + ], + "type": "object", + "additionalProperties": false + }, + "longDescription": { + "description": "A detailed description of this note.", + "type": "string" + }, + "package": { + "description": "Required for non-Windows OS. The package this Upgrade is for.", + "properties": { + "distribution": { + "description": "The various channels by which a package is distributed.", + "items": { + "properties": { + "architecture": { + "description": "The CPU architecture for which packages in this distribution channel were built Possible values: ARCHITECTURE_UNSPECIFIED, X86, X64", + "type": "string" + }, + "cpeUri": { + "description": "The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) denoting the package manager version distributing a package.", + "type": "string" + }, + "description": { + "description": "The distribution channel-specific description of this package.", + "type": "string" + }, + "latestVersion": { + "description": "The latest available version of this package in this distribution channel.", + "properties": { + "epoch": { + "description": "Used to correct mistakes in the version numbering scheme.", + "format": "int64", + "type": "integer" + }, + "fullName": { + "description": "Human readable version string. This string is of the form :- and is only set when kind is NORMAL.", + "type": "string" + }, + "kind": { + "description": "Distinguish between sentinel MIN/MAX versions and normal versions. If kind is not NORMAL, then the other fields are ignored. Possible values: VERSION_KIND_UNSPECIFIED, NORMAL, MINIMUM, MAXIMUM", + "type": "string" + }, + "name": { + "description": "The main part of the version name.", + "type": "string" + }, + "revision": { + "description": "The iteration of the package build from the above version.", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + }, + "maintainer": { + "description": "A freeform string denoting the maintainer of this package.", + "type": "string" + }, + "url": { + "description": "The distribution channel-specific homepage for this package.", + "type": "string" + } + }, + "required": [ + "cpeUri" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The name of the package.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "relatedNoteNames": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "relatedUrl": { + "description": "URLs associated with this note.", + "items": { + "properties": { + "label": { + "description": "Label to describe usage of the URL", + "type": "string" + }, + "url": { + "description": "Specific URL to associate with the note", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "shortDescription": { + "description": "A one sentence description of this note.", + "type": "string" + }, + "vulnerability": { + "description": "A note describing a package vulnerability.", + "properties": { + "cvssScore": { + "description": "The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 where 0 indicates low severity and 10 indicates high severity.", + "format": "double", + "type": "number" + }, + "cvssV3": { + "description": "The full description of the CVSSv3 for this vulnerability.", + "properties": { + "attackComplexity": { + "description": " Possible values: ATTACK_COMPLEXITY_UNSPECIFIED, ATTACK_COMPLEXITY_LOW, ATTACK_COMPLEXITY_HIGH", + "type": "string" + }, + "attackVector": { + "description": "Base Metrics Represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments. Possible values: ATTACK_VECTOR_UNSPECIFIED, ATTACK_VECTOR_NETWORK, ATTACK_VECTOR_ADJACENT, ATTACK_VECTOR_LOCAL, ATTACK_VECTOR_PHYSICAL", + "type": "string" + }, + "availabilityImpact": { + "description": " Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, IMPACT_LOW, IMPACT_NONE", + "type": "string" + }, + "baseScore": { + "description": "The base score is a function of the base metric scores.", + "format": "double", + "type": "number" + }, + "confidentialityImpact": { + "description": " Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, IMPACT_LOW, IMPACT_NONE", + "type": "string" + }, + "exploitabilityScore": { + "format": "double", + "type": "number" + }, + "impactScore": { + "format": "double", + "type": "number" + }, + "integrityImpact": { + "description": " Possible values: IMPACT_UNSPECIFIED, IMPACT_HIGH, IMPACT_LOW, IMPACT_NONE", + "type": "string" + }, + "privilegesRequired": { + "description": " Possible values: PRIVILEGES_REQUIRED_UNSPECIFIED, PRIVILEGES_REQUIRED_NONE, PRIVILEGES_REQUIRED_LOW, PRIVILEGES_REQUIRED_HIGH", + "type": "string" + }, + "scope": { + "description": " Possible values: SCOPE_UNSPECIFIED, SCOPE_UNCHANGED, SCOPE_CHANGED", + "type": "string" + }, + "userInteraction": { + "description": " Possible values: USER_INTERACTION_UNSPECIFIED, USER_INTERACTION_NONE, USER_INTERACTION_REQUIRED", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "details": { + "description": "Details of all known distros and packages affected by this vulnerability.", + "items": { + "properties": { + "affectedCpeUri": { + "description": "Required. The (https://cpe.mitre.org/specification/) this vulnerability affects.", + "type": "string" + }, + "affectedPackage": { + "description": "Required. The package this vulnerability affects.", + "type": "string" + }, + "affectedVersionEnd": { + "description": "The version number at the end of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: ) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.", + "properties": { + "epoch": { + "description": "Used to correct mistakes in the version numbering scheme.", + "format": "int64", + "type": "integer" + }, + "fullName": { + "description": "Human readable version string. This string is of the form :- and is only set when kind is NORMAL.", + "type": "string" + }, + "kind": { + "description": "Required. Distinguishes between sentinel MIN/MAX versions and normal versions. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE", + "type": "string" + }, + "name": { + "description": "Required only when version kind is NORMAL. The main part of the version name.", + "type": "string" + }, + "revision": { + "description": "The iteration of the package build from the above version.", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + }, + "affectedVersionStart": { + "description": "The version number at the start of an interval in which this vulnerability exists. A vulnerability can affect a package between version numbers that are disjoint sets of intervals (example: ) each of which will be represented in its own Detail. If a specific affected version is provided by a vulnerability database, affected_version_start and affected_version_end will be the same in that Detail.", + "properties": { + "epoch": { + "description": "Used to correct mistakes in the version numbering scheme.", + "format": "int64", + "type": "integer" + }, + "fullName": { + "description": "Human readable version string. This string is of the form :- and is only set when kind is NORMAL.", + "type": "string" + }, + "kind": { + "description": "Required. Distinguishes between sentinel MIN/MAX versions and normal versions. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE", + "type": "string" + }, + "name": { + "description": "Required only when version kind is NORMAL. The main part of the version name.", + "type": "string" + }, + "revision": { + "description": "The iteration of the package build from the above version.", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "A vendor-specific description of this vulnerability.", + "type": "string" + }, + "fixedCpeUri": { + "description": "The distro recommended (https://cpe.mitre.org/specification/) to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_cpe_uri.", + "type": "string" + }, + "fixedPackage": { + "description": "The distro recommended package to update to that contains a fix for this vulnerability. It is possible for this to be different from the affected_package.", + "type": "string" + }, + "fixedVersion": { + "description": "The distro recommended version to update to that contains a fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no such version is yet available.", + "properties": { + "epoch": { + "description": "Used to correct mistakes in the version numbering scheme.", + "format": "int64", + "type": "integer" + }, + "fullName": { + "description": "Human readable version string. This string is of the form :- and is only set when kind is NORMAL.", + "type": "string" + }, + "kind": { + "description": "Required. Distinguishes between sentinel MIN/MAX versions and normal versions. Possible values: NOTE_KIND_UNSPECIFIED, VULNERABILITY, BUILD, IMAGE, PACKAGE, DEPLOYMENT, DISCOVERY, ATTESTATION, UPGRADE", + "type": "string" + }, + "name": { + "description": "Required only when version kind is NORMAL. The main part of the version name.", + "type": "string" + }, + "revision": { + "description": "The iteration of the package build from the above version.", + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + }, + "isObsolete": { + "description": "Whether this detail is obsolete. Occurrences are expected not to point to obsolete details.", + "type": "boolean" + }, + "packageType": { + "description": "The type of package; whether native or non native (e.g., ruby gems, node.js packages, etc.).", + "type": "string" + }, + "severityName": { + "description": "The distro assigned severity of this vulnerability.", + "type": "string" + }, + "sourceUpdateTime": { + "description": "The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "affectedCpeUri", + "affectedPackage" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "severity": { + "description": "The note provider assigned severity of this vulnerability. Possible values: SEVERITY_UNSPECIFIED, MINIMAL, LOW, MEDIUM, HIGH, CRITICAL", + "type": "string" + }, + "sourceUpdateTime": { + "description": "The time this information was last changed at the source. This is an upstream timestamp from the underlying information source - e.g. Ubuntu security tracker.", + "format": "date-time", + "type": "string" + }, + "windowsDetails": { + "description": "Windows details get their own format because the information format and model don't match a normal detail. Specifically Windows updates are done as patches, thus Windows vulnerabilities really are a missing package, rather than a package being at an incorrect version.", + "items": { + "properties": { + "cpeUri": { + "description": "Required. The (https://cpe.mitre.org/specification/) this vulnerability affects.", + "type": "string" + }, + "description": { + "description": "The description of this vulnerability.", + "type": "string" + }, + "fixingKbs": { + "description": "Required. The names of the KBs which have hotfixes to mitigate this vulnerability. Note that there may be multiple hotfixes (and thus multiple KBs) that mitigate a given vulnerability. Currently any listed KBs presence is considered a fix.", + "items": { + "properties": { + "name": { + "description": "The KB name (generally of the form KB+ (e.g., KB123456)).", + "type": "string" + }, + "url": { + "description": "A link to the KB in the (https://www.catalog.update.microsoft.com/).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "Required. The name of this vulnerability.", + "type": "string" + } + }, + "required": [ + "cpeUri", + "fixingKbs", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time this note was created. This field can be used as a filter in list requests.", + "format": "date-time", + "type": "string" + }, + "image": { + "properties": { + "fingerprint": { + "properties": { + "v2Name": { + "description": "Output only. The name of the image's v2 blobs computed via: ) Only the name of the final blob is kept.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The time this note was last updated. This field can be used as a filter in list requests.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/containerattached.cnrm.cloud.google.com/containerattachedcluster_v1beta1.json b/containerattached.cnrm.cloud.google.com/containerattachedcluster_v1beta1.json new file mode 100644 index 00000000..2a79ade4 --- /dev/null +++ b/containerattached.cnrm.cloud.google.com/containerattachedcluster_v1beta1.json @@ -0,0 +1,364 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.", + "type": "object" + }, + "authorization": { + "description": "Configuration related to the cluster RBAC settings.", + "properties": { + "adminUsers": { + "description": "Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "binaryAuthorization": { + "description": "Binary Authorization configuration.", + "properties": { + "evaluationMode": { + "description": "Configure Binary Authorization evaluation mode. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "deletionPolicy": { + "description": "Policy to determine what flags to send on delete.", + "type": "string" + }, + "description": { + "description": "A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.", + "type": "string" + }, + "distribution": { + "description": "Immutable. The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\".", + "type": "string" + }, + "fleet": { + "description": "Fleet configuration.", + "properties": { + "membership": { + "description": "The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects//locations/global/membership/.", + "type": "string" + }, + "projectRef": { + "description": "The number of the Fleet host project where this cluster will be registered.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource.", + "type": "string" + }, + "loggingConfig": { + "description": "Logging configuration.", + "properties": { + "componentConfig": { + "description": "The configuration of the logging components.", + "properties": { + "enableComponents": { + "description": "The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"].", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "monitoringConfig": { + "description": "Monitoring configuration.", + "properties": { + "managedPrometheusConfig": { + "description": "Enable Google Cloud Managed Service for Prometheus in the cluster.", + "properties": { + "enabled": { + "description": "Enable Managed Collection.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oidcConfig": { + "description": "OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.", + "properties": { + "issuerUrl": { + "description": "Immutable. A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'.", + "type": "string" + }, + "jwks": { + "description": "Immutable. OIDC verification keys in JWKS format (RFC 7517).", + "type": "string" + } + }, + "required": [ + "issuerUrl" + ], + "type": "object", + "additionalProperties": false + }, + "platformVersion": { + "description": "The platform version for the cluster (e.g. '1.23.0-gke.1').", + "type": "string" + }, + "projectRef": { + "description": "The ID of the project in which the resource belongs. If it is not provided, the provider project is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "distribution", + "fleet", + "location", + "oidcConfig", + "platformVersion", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "clusterRegion": { + "description": "Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time at which this cluster was created.", + "type": "string" + }, + "errors": { + "description": "A set of errors found in the cluster.", + "items": { + "properties": { + "message": { + "description": "Human-friendly description of the error.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "kubernetesVersion": { + "description": "The Kubernetes version of the cluster.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "If set, there are currently changes in flight to the cluster.", + "type": "boolean" + }, + "state": { + "description": "The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED.", + "type": "string" + }, + "uid": { + "description": "A globally unique identifier for the cluster.", + "type": "string" + }, + "updateTime": { + "description": "The time at which this cluster was last updated.", + "type": "string" + }, + "workloadIdentityConfig": { + "description": "Workload Identity settings.", + "items": { + "properties": { + "identityProvider": { + "description": "The ID of the OIDC Identity Provider (IdP) associated to\nthe Workload Identity Pool.", + "type": "string" + }, + "issuerUri": { + "description": "The OIDC issuer URL for this cluster.", + "type": "string" + }, + "workloadPool": { + "description": "The Workload Identity Pool associated to the cluster.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/core.cnrm.cloud.google.com/configconnector_v1beta1.json b/core.cnrm.cloud.google.com/configconnector_v1beta1.json new file mode 100644 index 00000000..e0369588 --- /dev/null +++ b/core.cnrm.cloud.google.com/configconnector_v1beta1.json @@ -0,0 +1,118 @@ +{ + "description": "ConfigConnector is the Schema for the configconnectors API", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "anyOf": [ + { + "oneOf": [ + { + "not": { + "required": [ + "googleServiceAccount" + ] + }, + "required": [ + "credentialSecretName" + ] + }, + { + "not": { + "required": [ + "credentialSecretName" + ] + }, + "required": [ + "googleServiceAccount" + ] + } + ], + "properties": { + "mode": { + "enum": [ + "cluster" + ] + } + } + }, + { + "not": { + "anyOf": [ + { + "required": [ + "googleServiceAccount" + ] + }, + { + "required": [ + "credentialSecretName" + ] + } + ] + }, + "properties": { + "mode": { + "enum": [ + "namespaced" + ] + } + } + } + ], + "description": "ConfigConnectorSpec defines the desired state of ConfigConnector", + "properties": { + "credentialSecretName": { + "description": "The Kubernetes secret that contains the Google Service Account Key's credentials to be used by ConfigConnector to authenticate with Google Cloud APIs. This field is used only when in cluster mode. It's recommended to use `googleServiceAccount` when running ConfigConnector in Google Kubernetes Engine (GKE) clusters with Workload Identity enabled. This field cannot be specified together with `googleServiceAccount`.", + "type": "string" + }, + "googleServiceAccount": { + "description": "The Google Service Account to be used by Config Connector to authenticate with Google Cloud APIs. This field is used only when running in cluster mode with Workload Identity enabled. See Google Kubernetes Engine (GKE) workload-identity (https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) for details. This field cannot be specified together with `credentialSecretName`. For namespaced mode, use `googleServiceAccount` in ConfigConnectorContext CRD to specify the Google Service Account to be used to authenticate with Google Cloud APIs per namespace.", + "type": "string" + }, + "mode": { + "description": "The mode that Config Connector will run in. This can be either 'cluster' or 'namespaced'. The default is 'namespaced'. Cluster mode uses a single Google Service Account to create and manage resources, even if you are using Config Connector to manage multiple Projects. You must specify either `credentialSecretName` or `googleServiceAccount` when in cluster mode, but not both. Namespaced mode allows you to use different Google service accounts for different Projects. When in namespaced mode, you must create a ConfigConnectorContext object per namespace that you want to enable Config Connector in, and each must set `googleServiceAccount` to specify the Google Service Account to be used to authenticate with Google Cloud APIs for the namespace.", + "enum": [ + "cluster", + "namespaced" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ConfigConnectorStatus defines the observed state of ConfigConnector", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/core.cnrm.cloud.google.com/configconnectorcontext_v1beta1.json b/core.cnrm.cloud.google.com/configconnectorcontext_v1beta1.json new file mode 100644 index 00000000..4a2f8da3 --- /dev/null +++ b/core.cnrm.cloud.google.com/configconnectorcontext_v1beta1.json @@ -0,0 +1,69 @@ +{ + "description": "ConfigConnectorContext is the Schema for the ConfigConnectorContexts API", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "ConfigConnectorContextSpec defines the desired state of ConfigConnectorContext", + "properties": { + "billingProject": { + "description": "Specifies the project to use for preconditions, quota and billing. Should only be used when requestProjectPolicy is set to BILLING_PROJECT.", + "type": "string" + }, + "googleServiceAccount": { + "description": "The Google Service Account to be used by Config Connector to authenticate with Google Cloud APIs in the associated namespace.", + "type": "string" + }, + "requestProjectPolicy": { + "description": "Specifies which project to use for preconditions, quota, and billing for requests made to Google Cloud APIs for resources in the associated namespace. Must be one of 'SERVICE_ACCOUNT_PROJECT', 'RESOURCE_PROJECT', or 'BILLING_PROJECT. Defaults to 'SERVICE_ACCOUNT_PROJECT'. If set to 'SERVICE_ACCOUNT_PROJECT', uses the project that the Google Service Account belongs to. If set to 'RESOURCE_PROJECT', uses the project that the resource belongs to. If set to 'BILLING_PROJECT', uses the project specified by spec.billingProject.", + "enum": [ + "SERVICE_ACCOUNT_PROJECT", + "RESOURCE_PROJECT", + "BILLING_PROJECT" + ], + "type": "string" + } + }, + "required": [ + "googleServiceAccount" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ConfigConnectorContextStatus defines the observed state of ConfigConnectorContext", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/controllerresource_v1alpha1.json b/customize.core.cnrm.cloud.google.com/controllerresource_v1alpha1.json new file mode 100644 index 00000000..95b5e050 --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/controllerresource_v1alpha1.json @@ -0,0 +1,145 @@ +{ + "description": "ControllerResource is the Schema for resource customization API for config connector controllers.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "cnrm-controller-manager", + "cnrm-deletiondefender", + "cnrm-unmanaged-detector", + "cnrm-webhook-manager", + "cnrm-resource-stats-recorder" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "anyOf": [ + { + "required": [ + "containers" + ] + }, + { + "required": [ + "replicas" + ] + } + ], + "description": "ControllerResourceSpec is the specification of the resource customization for containers of a config connector controller.", + "properties": { + "containers": { + "description": "The list of containers whose resource requirements to be customized.", + "items": { + "description": "ContainerResourceSpec is the specification of the resource customization for a container of a config connector controller.", + "properties": { + "name": { + "description": "The name of the container whose resource requirements will be customized. Required", + "enum": [ + "manager", + "webhook", + "deletiondefender", + "prom-to-sd", + "recorder", + "unmanageddetector" + ], + "type": "string" + }, + "resources": { + "description": "Resources specifies the resource customization of this container. Required", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name", + "resources" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "replicas": { + "description": "The number of desired replicas of the config connector controller. This field takes effect only if the controller name is \"cnrm-webhook-manager\".", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ControllerResourceStatus defines the observed state of ControllerResource.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/controllerresource_v1beta1.json b/customize.core.cnrm.cloud.google.com/controllerresource_v1beta1.json new file mode 100644 index 00000000..95b5e050 --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/controllerresource_v1beta1.json @@ -0,0 +1,145 @@ +{ + "description": "ControllerResource is the Schema for resource customization API for config connector controllers.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "cnrm-controller-manager", + "cnrm-deletiondefender", + "cnrm-unmanaged-detector", + "cnrm-webhook-manager", + "cnrm-resource-stats-recorder" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "anyOf": [ + { + "required": [ + "containers" + ] + }, + { + "required": [ + "replicas" + ] + } + ], + "description": "ControllerResourceSpec is the specification of the resource customization for containers of a config connector controller.", + "properties": { + "containers": { + "description": "The list of containers whose resource requirements to be customized.", + "items": { + "description": "ContainerResourceSpec is the specification of the resource customization for a container of a config connector controller.", + "properties": { + "name": { + "description": "The name of the container whose resource requirements will be customized. Required", + "enum": [ + "manager", + "webhook", + "deletiondefender", + "prom-to-sd", + "recorder", + "unmanageddetector" + ], + "type": "string" + }, + "resources": { + "description": "Resources specifies the resource customization of this container. Required", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name", + "resources" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "replicas": { + "description": "The number of desired replicas of the config connector controller. This field takes effect only if the controller name is \"cnrm-webhook-manager\".", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ControllerResourceStatus defines the observed state of ControllerResource.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1alpha1.json b/customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1alpha1.json new file mode 100644 index 00000000..c4acbace --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1alpha1.json @@ -0,0 +1,97 @@ +{ + "description": "MutatingWebhookConfigurationCustomization is the Schema for customizing the mutating webhook configurations in config connector.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "mutating-webhook" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "WebhookConfigurationCustomizationSpec is the specification for customizing the webhooks of a config connector webhook configuration.", + "properties": { + "webhooks": { + "description": "The list of webhooks whose configuration to be customized. Required", + "items": { + "description": "WebhookCustomizationSpec is the specification for customizing for a specific webhook in config connector.", + "properties": { + "name": { + "description": "The name of the webhook. Do not include the `.cnrm.cloud.google.com` suffix. Required", + "enum": [ + "abandon-on-uninstall", + "deny-immutable-field-updates", + "deny-unknown-fields", + "iam-validation", + "resource-validation", + "container-annotation-handler", + "generic-defaulter", + "iam-defaulter", + "management-conflict-annotation-defaulter" + ], + "type": "string" + }, + "timeoutSeconds": { + "description": "TimeoutSeconds customizes the timeout of the webhook. The timeout value must be between 1 and 30 seconds. The default timeout in Kubernetes is 10 seconds. Required", + "format": "int32", + "maximum": 30, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "webhooks" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "WebhookConfigurationCustomizationStatus defines the observed state of ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1beta1.json b/customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1beta1.json new file mode 100644 index 00000000..c4acbace --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/mutatingwebhookconfigurationcustomization_v1beta1.json @@ -0,0 +1,97 @@ +{ + "description": "MutatingWebhookConfigurationCustomization is the Schema for customizing the mutating webhook configurations in config connector.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "mutating-webhook" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "WebhookConfigurationCustomizationSpec is the specification for customizing the webhooks of a config connector webhook configuration.", + "properties": { + "webhooks": { + "description": "The list of webhooks whose configuration to be customized. Required", + "items": { + "description": "WebhookCustomizationSpec is the specification for customizing for a specific webhook in config connector.", + "properties": { + "name": { + "description": "The name of the webhook. Do not include the `.cnrm.cloud.google.com` suffix. Required", + "enum": [ + "abandon-on-uninstall", + "deny-immutable-field-updates", + "deny-unknown-fields", + "iam-validation", + "resource-validation", + "container-annotation-handler", + "generic-defaulter", + "iam-defaulter", + "management-conflict-annotation-defaulter" + ], + "type": "string" + }, + "timeoutSeconds": { + "description": "TimeoutSeconds customizes the timeout of the webhook. The timeout value must be between 1 and 30 seconds. The default timeout in Kubernetes is 10 seconds. Required", + "format": "int32", + "maximum": 30, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "webhooks" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "WebhookConfigurationCustomizationStatus defines the observed state of ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1alpha1.json b/customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1alpha1.json new file mode 100644 index 00000000..cf0a2568 --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1alpha1.json @@ -0,0 +1,127 @@ +{ + "description": "NamespacedControllerResource is the Schema for resource customization API for namespaced config connector controllers.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "cnrm-controller-manager" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "NamespacedControllerResourceSpec is the specification of the resource customization for containers of a namespaced config connector controller.", + "properties": { + "containers": { + "description": "The list of containers whose resource requirements to be customized. Required", + "items": { + "description": "ContainerResourceSpec is the specification of the resource customization for a container of a config connector controller.", + "properties": { + "name": { + "description": "The name of the container whose resource requirements will be customized. Required", + "enum": [ + "manager", + "webhook", + "deletiondefender", + "prom-to-sd", + "recorder", + "unmanageddetector" + ], + "type": "string" + }, + "resources": { + "description": "Resources specifies the resource customization of this container. Required", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name", + "resources" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "containers" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "NamespacedControllerResourceStatus defines the observed state of NamespacedControllerResource.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1beta1.json b/customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1beta1.json new file mode 100644 index 00000000..cf0a2568 --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/namespacedcontrollerresource_v1beta1.json @@ -0,0 +1,127 @@ +{ + "description": "NamespacedControllerResource is the Schema for resource customization API for namespaced config connector controllers.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "cnrm-controller-manager" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "NamespacedControllerResourceSpec is the specification of the resource customization for containers of a namespaced config connector controller.", + "properties": { + "containers": { + "description": "The list of containers whose resource requirements to be customized. Required", + "items": { + "description": "ContainerResourceSpec is the specification of the resource customization for a container of a config connector controller.", + "properties": { + "name": { + "description": "The name of the container whose resource requirements will be customized. Required", + "enum": [ + "manager", + "webhook", + "deletiondefender", + "prom-to-sd", + "recorder", + "unmanageddetector" + ], + "type": "string" + }, + "resources": { + "description": "Resources specifies the resource customization of this container. Required", + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name", + "resources" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "containers" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "NamespacedControllerResourceStatus defines the observed state of NamespacedControllerResource.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1alpha1.json b/customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1alpha1.json new file mode 100644 index 00000000..6863e9a0 --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1alpha1.json @@ -0,0 +1,98 @@ +{ + "description": "ValidatingWebhookConfigurationCustomization is the Schema for customizing the validating webhook configurations in config connector.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "validating-webhook", + "abandon-on-uninstall" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "WebhookConfigurationCustomizationSpec is the specification for customizing the webhooks of a config connector webhook configuration.", + "properties": { + "webhooks": { + "description": "The list of webhooks whose configuration to be customized. Required", + "items": { + "description": "WebhookCustomizationSpec is the specification for customizing for a specific webhook in config connector.", + "properties": { + "name": { + "description": "The name of the webhook. Do not include the `.cnrm.cloud.google.com` suffix. Required", + "enum": [ + "abandon-on-uninstall", + "deny-immutable-field-updates", + "deny-unknown-fields", + "iam-validation", + "resource-validation", + "container-annotation-handler", + "generic-defaulter", + "iam-defaulter", + "management-conflict-annotation-defaulter" + ], + "type": "string" + }, + "timeoutSeconds": { + "description": "TimeoutSeconds customizes the timeout of the webhook. The timeout value must be between 1 and 30 seconds. The default timeout in Kubernetes is 10 seconds. Required", + "format": "int32", + "maximum": 30, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "webhooks" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "WebhookConfigurationCustomizationStatus defines the observed state of ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1beta1.json b/customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1beta1.json new file mode 100644 index 00000000..6863e9a0 --- /dev/null +++ b/customize.core.cnrm.cloud.google.com/validatingwebhookconfigurationcustomization_v1beta1.json @@ -0,0 +1,98 @@ +{ + "description": "ValidatingWebhookConfigurationCustomization is the Schema for customizing the validating webhook configurations in config connector.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "properties": { + "name": { + "enum": [ + "validating-webhook", + "abandon-on-uninstall" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "description": "WebhookConfigurationCustomizationSpec is the specification for customizing the webhooks of a config connector webhook configuration.", + "properties": { + "webhooks": { + "description": "The list of webhooks whose configuration to be customized. Required", + "items": { + "description": "WebhookCustomizationSpec is the specification for customizing for a specific webhook in config connector.", + "properties": { + "name": { + "description": "The name of the webhook. Do not include the `.cnrm.cloud.google.com` suffix. Required", + "enum": [ + "abandon-on-uninstall", + "deny-immutable-field-updates", + "deny-unknown-fields", + "iam-validation", + "resource-validation", + "container-annotation-handler", + "generic-defaulter", + "iam-defaulter", + "management-conflict-annotation-defaulter" + ], + "type": "string" + }, + "timeoutSeconds": { + "description": "TimeoutSeconds customizes the timeout of the webhook. The timeout value must be between 1 and 30 seconds. The default timeout in Kubernetes is 10 seconds. Required", + "format": "int32", + "maximum": 30, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "webhooks" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "WebhookConfigurationCustomizationStatus defines the observed state of ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization.", + "properties": { + "errors": { + "items": { + "type": "string" + }, + "type": "array" + }, + "healthy": { + "type": "boolean" + }, + "phase": { + "type": "string" + } + }, + "required": [ + "healthy" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/datacatalog.cnrm.cloud.google.com/datacatalogpolicytag_v1beta1.json b/datacatalog.cnrm.cloud.google.com/datacatalogpolicytag_v1beta1.json new file mode 100644 index 00000000..8e6f6bc6 --- /dev/null +++ b/datacatalog.cnrm.cloud.google.com/datacatalogpolicytag_v1beta1.json @@ -0,0 +1,190 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.", + "type": "string" + }, + "displayName": { + "description": "User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.", + "type": "string" + }, + "parentPolicyTagRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `DataCatalogPolicyTag` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "taxonomyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "displayName", + "taxonomyRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "childPolicyTags": { + "description": "Resource names of child policy tags of this policy tag.", + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\".", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/datacatalog.cnrm.cloud.google.com/datacatalogtaxonomy_v1beta1.json b/datacatalog.cnrm.cloud.google.com/datacatalogtaxonomy_v1beta1.json new file mode 100644 index 00000000..57e60ed8 --- /dev/null +++ b/datacatalog.cnrm.cloud.google.com/datacatalogtaxonomy_v1beta1.json @@ -0,0 +1,146 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "activatedPolicyTypes": { + "description": "A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.", + "type": "string" + }, + "displayName": { + "description": "User defined name of this taxonomy.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. Taxonomy location region.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "displayName", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dataflow.cnrm.cloud.google.com/dataflowflextemplatejob_v1beta1.json b/dataflow.cnrm.cloud.google.com/dataflowflextemplatejob_v1beta1.json new file mode 100644 index 00000000..53345695 --- /dev/null +++ b/dataflow.cnrm.cloud.google.com/dataflowflextemplatejob_v1beta1.json @@ -0,0 +1,338 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "additionalExperiments": { + "description": "List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "autoscalingAlgorithm": { + "description": "The algorithm to use for autoscaling.", + "type": "string" + }, + "containerSpecGcsPath": { + "type": "string" + }, + "enableStreamingEngine": { + "description": "Immutable. Indicates if the job should use the streaming engine feature.", + "type": "boolean" + }, + "ipConfiguration": { + "description": "The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".", + "type": "string" + }, + "kmsKeyNameRef": { + "description": "The name for the Cloud KMS key for the job.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "launcherMachineType": { + "description": "The machine type to use for launching the job. The default is n1-standard-1.", + "type": "string" + }, + "machineType": { + "description": "The machine type to use for the job.", + "type": "string" + }, + "maxWorkers": { + "description": "Immutable. The maximum number of Google Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.", + "type": "integer" + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "numWorkers": { + "description": "Immutable. The initial number of Google Compute Engine instances for the job.", + "type": "integer" + }, + "parameters": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "region": { + "description": "Immutable. The region in which the created job should run.", + "type": "string" + }, + "sdkContainerImage": { + "description": "Docker registry location of container image to use for the 'worker harness. Default is the container for the version of the SDK. Note this field is only valid for portable pipelines.", + "type": "string" + }, + "serviceAccountEmailRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "stagingLocation": { + "description": "The Cloud Storage path to use for staging files. Must be a valid Cloud Storage URL, beginning with gs://.", + "type": "string" + }, + "subnetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tempLocation": { + "description": "The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.", + "type": "string" + }, + "transformNameMapping": { + "description": "Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "required": [ + "containerSpecGcsPath" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "jobId": { + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "type": "string" + }, + "type": { + "description": "The type of this job, selected from the JobType enum.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dataflow.cnrm.cloud.google.com/dataflowjob_v1beta1.json b/dataflow.cnrm.cloud.google.com/dataflowjob_v1beta1.json new file mode 100644 index 00000000..1a197174 --- /dev/null +++ b/dataflow.cnrm.cloud.google.com/dataflowjob_v1beta1.json @@ -0,0 +1,331 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "additionalExperiments": { + "description": "List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].", + "items": { + "type": "string" + }, + "type": "array" + }, + "enableStreamingEngine": { + "description": "Indicates if the job should use the streaming engine feature.", + "type": "boolean" + }, + "ipConfiguration": { + "description": "The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".", + "type": "string" + }, + "kmsKeyRef": { + "description": "The name for the Cloud KMS key for the job.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "The machine type to use for the job.", + "type": "string" + }, + "maxWorkers": { + "description": "Immutable. The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.", + "type": "integer" + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "parameters": { + "description": "Key/Value pairs to be passed to the Dataflow job (as used in the template).", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "region": { + "description": "Immutable. The region in which the created job should run.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tempGcsLocation": { + "description": "A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.", + "type": "string" + }, + "templateGcsPath": { + "description": "The Google Cloud Storage path to the Dataflow job template.", + "type": "string" + }, + "transformNameMapping": { + "description": "Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "zone": { + "description": "Immutable. The zone in which the created job should run. If it is not provided, the provider zone is used.", + "type": "string" + } + }, + "required": [ + "tempGcsLocation", + "templateGcsPath" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "jobId": { + "description": "The unique ID of this job.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "The current state of the resource, selected from the JobState enum.", + "type": "string" + }, + "type": { + "description": "The type of this job, selected from the JobType enum.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/datafusion.cnrm.cloud.google.com/datafusioninstance_v1beta1.json b/datafusion.cnrm.cloud.google.com/datafusioninstance_v1beta1.json new file mode 100644 index 00000000..247159fa --- /dev/null +++ b/datafusion.cnrm.cloud.google.com/datafusioninstance_v1beta1.json @@ -0,0 +1,289 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "dataprocServiceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Immutable. A description of this instance.", + "type": "string" + }, + "displayName": { + "description": "Immutable. Display name for an instance.", + "type": "string" + }, + "enableStackdriverLogging": { + "description": "Option to enable Stackdriver Logging.", + "type": "boolean" + }, + "enableStackdriverMonitoring": { + "description": "Option to enable Stackdriver Monitoring.", + "type": "boolean" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "networkConfig": { + "description": "Immutable. Network configuration options. These are required when a private Data Fusion instance is to be created.", + "properties": { + "ipAllocation": { + "description": "Immutable. The IP range in CIDR notation to use for the managed Data Fusion instance nodes. This range must not overlap with any other ranges used in the customer network.", + "type": "string" + }, + "networkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network}\n\nAllowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Map of additional options used to configure the behavior of Data Fusion instance.", + "type": "object" + }, + "privateInstance": { + "description": "Immutable. Specifies whether the Data Fusion instance should be private. If set to true, all Data Fusion nodes will have private IP addresses and will not be able to access the public internet.", + "type": "boolean" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "type": { + "description": "Immutable. Required. Instance type. Possible values: TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER", + "type": "string" + }, + "version": { + "description": "Current version of the Data Fusion.", + "type": "string" + }, + "zone": { + "description": "Immutable. Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.", + "type": "string" + } + }, + "required": [ + "location", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "apiEndpoint": { + "description": "Output only. Endpoint on which the REST APIs is accessible.", + "type": "string" + }, + "availableVersion": { + "description": "Available versions that the instance can be upgraded to.", + "items": { + "properties": { + "availableFeatures": { + "description": "Represents a list of available feature names for a given version.", + "items": { + "type": "string" + }, + "type": "array" + }, + "defaultVersion": { + "description": "Whether this is currently the default version for Cloud Data Fusion", + "type": "boolean" + }, + "versionNumber": { + "description": "The version number of the Data Fusion instance, such as '6.0.1.0'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time the instance was created.", + "format": "date-time", + "type": "string" + }, + "gcsBucket": { + "description": "Output only. Cloud Storage bucket generated by Data Fusion in the customer project.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "p4ServiceAccount": { + "description": "Output only. P4 service account for the customer project.", + "type": "string" + }, + "serviceEndpoint": { + "description": "Output only. Endpoint on which the Data Fusion UI is accessible.", + "type": "string" + }, + "state": { + "description": "Output only. The current state of this Data Fusion instance. Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN", + "type": "string" + }, + "stateMessage": { + "description": "Output only. Additional information about the current state of this Data Fusion instance if available.", + "type": "string" + }, + "tenantProjectId": { + "description": "Output only. The name of the tenant project.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time the instance was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dataproc.cnrm.cloud.google.com/dataprocautoscalingpolicy_v1beta1.json b/dataproc.cnrm.cloud.google.com/dataprocautoscalingpolicy_v1beta1.json new file mode 100644 index 00000000..9a93bfc9 --- /dev/null +++ b/dataproc.cnrm.cloud.google.com/dataprocautoscalingpolicy_v1beta1.json @@ -0,0 +1,224 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "basicAlgorithm": { + "properties": { + "cooldownPeriod": { + "description": "Optional. Duration between scaling events. A scaling period starts after the update operation from the previous event has completed. Bounds: . Default: 2m.", + "type": "string" + }, + "yarnConfig": { + "description": "Required. YARN autoscaling configuration.", + "properties": { + "gracefulDecommissionTimeout": { + "description": "Required. Timeout for YARN graceful decommissioning of Node Managers. Specifies the duration to wait for jobs to complete before forcefully removing workers (and potentially interrupting jobs). Only applicable to downscaling operations.", + "type": "string" + }, + "scaleDownFactor": { + "description": "Required. Fraction of average YARN pending memory in the last cooldown period for which to remove workers. A scale-down factor of 1 will result in scaling down so that there is no available memory remaining after the update (more aggressive scaling). A scale-down factor of 0 disables removing workers, which can be beneficial for autoscaling a single job. See .", + "format": "double", + "type": "number" + }, + "scaleDownMinWorkerFraction": { + "description": "Optional. Minimum scale-down threshold as a fraction of total cluster size before scaling occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must recommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0 means the autoscaler will scale down on any recommended change. Bounds: . Default: 0.0.", + "format": "double", + "type": "number" + }, + "scaleUpFactor": { + "description": "Required. Fraction of average YARN pending memory in the last cooldown period for which to add workers. A scale-up factor of 1.0 will result in scaling up so that there is no pending memory remaining after the update (more aggressive scaling). A scale-up factor closer to 0 will result in a smaller magnitude of scaling up (less aggressive scaling). See .", + "format": "double", + "type": "number" + }, + "scaleUpMinWorkerFraction": { + "description": "Optional. Minimum scale-up threshold as a fraction of total cluster size before scaling occurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must recommend at least a 2-worker scale-up for the cluster to scale. A threshold of 0 means the autoscaler will scale up on any recommended change. Bounds: . Default: 0.0.", + "format": "double", + "type": "number" + } + }, + "required": [ + "gracefulDecommissionTimeout", + "scaleDownFactor", + "scaleUpFactor" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "yarnConfig" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "secondaryWorkerConfig": { + "description": "Optional. Describes how the autoscaler will operate for secondary workers.", + "properties": { + "maxInstances": { + "description": "Optional. Maximum number of instances for this group. Note that by default, clusters will not use secondary workers. Required for secondary workers if the minimum secondary instances is set. Primary workers - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, ). Default: 0.", + "format": "int64", + "type": "integer" + }, + "minInstances": { + "description": "Optional. Minimum number of instances for this group. Primary workers - Bounds: . Default: 0.", + "format": "int64", + "type": "integer" + }, + "weight": { + "description": "Optional. Weight for the instance group, which is used to determine the fraction of total workers in the cluster from this instance group. For example, if primary workers have weight 2, and secondary workers have weight 1, the cluster will have approximately 2 primary workers for each secondary worker. The cluster may not reach the specified balance if constrained by min/max bounds or other autoscaling settings. For example, if `max_instances` for secondary workers is 0, then only primary workers will be added. The cluster can also be out of balance when created. If weight is not set on any instance group, the cluster will default to equal weight for all groups: the cluster will attempt to maintain an equal number of workers in each group within the configured size bounds for each group. If weight is set for one group only, the cluster will default to zero weight on the unset group. For example if weight is set only on primary workers, the cluster will use primary workers only and no secondary workers.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "workerConfig": { + "description": "Required. Describes how the autoscaler will operate for primary workers.", + "properties": { + "maxInstances": { + "description": "Required. Maximum number of instances for this group. Required for primary workers. Note that by default, clusters will not use secondary workers. Required for secondary workers if the minimum secondary instances is set. Primary workers - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, ). Default: 0.", + "format": "int64", + "type": "integer" + }, + "minInstances": { + "description": "Optional. Minimum number of instances for this group. Primary workers - Bounds: . Default: 0.", + "format": "int64", + "type": "integer" + }, + "weight": { + "description": "Optional. Weight for the instance group, which is used to determine the fraction of total workers in the cluster from this instance group. For example, if primary workers have weight 2, and secondary workers have weight 1, the cluster will have approximately 2 primary workers for each secondary worker. The cluster may not reach the specified balance if constrained by min/max bounds or other autoscaling settings. For example, if `max_instances` for secondary workers is 0, then only primary workers will be added. The cluster can also be out of balance when created. If weight is not set on any instance group, the cluster will default to equal weight for all groups: the cluster will attempt to maintain an equal number of workers in each group within the configured size bounds for each group. If weight is set for one group only, the cluster will default to zero weight on the unset group. For example if weight is set only on primary workers, the cluster will use primary workers only and no secondary workers.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "maxInstances" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "basicAlgorithm", + "location", + "workerConfig" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dataproc.cnrm.cloud.google.com/dataproccluster_v1beta1.json b/dataproc.cnrm.cloud.google.com/dataproccluster_v1beta1.json new file mode 100644 index 00000000..2cba0ea1 --- /dev/null +++ b/dataproc.cnrm.cloud.google.com/dataproccluster_v1beta1.json @@ -0,0 +1,2039 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "config": { + "description": "Immutable. The cluster config. Note that Dataproc may set default values, and values may change when clusters are updated.", + "properties": { + "autoscalingConfig": { + "description": "Immutable. Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.", + "properties": { + "policyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.\n\nAllowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "dataprocMetricConfig": { + "description": "Immutable. Optional. The config for Dataproc metrics.", + "properties": { + "metrics": { + "description": "Immutable. Required. Metrics sources to enable.", + "items": { + "properties": { + "metricOverrides": { + "description": "Immutable. Optional. Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect for the metric course (for the `SPARK` metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) can be specified). Provide metrics in the following format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` Notes: * Only the specified overridden metrics will be collected for the metric source. For example, if one or more `spark:executive` metrics are listed as metric overrides, other `SPARK` metrics will not be collected. The collection of the default metrics for other OSS metric sources is unaffected. For example, if both `SPARK` andd `YARN` metric sources are enabled, and overrides are provided for Spark metrics only, all default YARN metrics will be collected.", + "items": { + "type": "string" + }, + "type": "array" + }, + "metricSource": { + "description": "Immutable. Required. Default metrics are collected unless `metricOverrides` are specified for the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, HIVESERVER2", + "type": "string" + } + }, + "required": [ + "metricSource" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "metrics" + ], + "type": "object", + "additionalProperties": false + }, + "encryptionConfig": { + "description": "Immutable. Optional. Encryption settings for the cluster.", + "properties": { + "gcePdKmsKeyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.\n\nAllowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpointConfig": { + "description": "Immutable. Optional. Port/endpoint configuration for this cluster", + "properties": { + "enableHttpPortAccess": { + "description": "Immutable. Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "gceClusterConfig": { + "description": "Immutable. Optional. The shared Compute Engine config settings for all instances in a cluster.", + "properties": { + "confidentialInstanceConfig": { + "description": "Immutable. Optional. Confidential Instance Config for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs).", + "properties": { + "enableConfidentialCompute": { + "description": "Immutable. Optional. Defines whether the instance should have confidential compute enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "internalIPOnly": { + "description": "Immutable. Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.", + "type": "boolean" + }, + "metadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).", + "type": "object" + }, + "networkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`\n\nAllowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeGroupAffinity": { + "description": "Immutable. Optional. Node Group Affinity for sole-tenant clusters.", + "properties": { + "nodeGroupRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`\n\nAllowed value: The `selfLink` field of a `ComputeNodeGroup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "nodeGroupRef" + ], + "type": "object", + "additionalProperties": false + }, + "privateIPv6GoogleAccess": { + "description": "Immutable. Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL", + "type": "string" + }, + "reservationAffinity": { + "description": "Immutable. Optional. Reservation Affinity for consuming Zonal reservation.", + "properties": { + "consumeReservationType": { + "description": "Immutable. Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION", + "type": "string" + }, + "key": { + "description": "Immutable. Optional. Corresponds to the label key of reservation resource.", + "type": "string" + }, + "values": { + "description": "Immutable. Optional. Corresponds to the label values of reservation resource.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountScopes": { + "description": "Immutable. Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control", + "items": { + "type": "string" + }, + "type": "array" + }, + "shieldedInstanceConfig": { + "description": "Immutable. Optional. Shielded Instance Config for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm).", + "properties": { + "enableIntegrityMonitoring": { + "description": "Immutable. Optional. Defines whether instances have integrity monitoring enabled.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Immutable. Optional. Defines whether instances have Secure Boot enabled.", + "type": "boolean" + }, + "enableVtpm": { + "description": "Immutable. Optional. Defines whether instances have the vTPM enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`\n\nAllowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tags": { + "description": "Immutable. The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).", + "items": { + "type": "string" + }, + "type": "array" + }, + "zone": { + "description": "Immutable. Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "initializationActions": { + "description": "Immutable. Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi", + "items": { + "properties": { + "executableFile": { + "description": "Immutable. Required. Cloud Storage URI of executable file.", + "type": "string" + }, + "executionTimeout": { + "description": "Immutable. Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.", + "type": "string" + } + }, + "required": [ + "executableFile" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "lifecycleConfig": { + "description": "Immutable. Optional. Lifecycle setting for the cluster.", + "properties": { + "autoDeleteTime": { + "description": "Immutable. Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "format": "date-time", + "type": "string" + }, + "autoDeleteTtl": { + "description": "Immutable. Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "type": "string" + }, + "idleDeleteTtl": { + "description": "Immutable. Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "masterConfig": { + "description": "Immutable. Optional. The Compute Engine config settings for the master instance in a cluster.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. The Compute Engine accelerator configuration for these instances.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the accelerator cards of this type exposed to this instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "diskConfig": { + "description": "Immutable. Optional. Disk option config settings.", + "properties": { + "bootDiskSizeGb": { + "description": "Immutable. Optional. Size in GB of the boot disk (default is 500GB).", + "format": "int64", + "type": "integer" + }, + "bootDiskType": { + "description": "Immutable. Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).", + "type": "string" + }, + "localSsdInterface": { + "description": "Immutable. Optional. Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).", + "type": "string" + }, + "numLocalSsds": { + "description": "Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "imageRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.\n\nAllowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).", + "type": "string" + }, + "numInstances": { + "description": "Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.", + "format": "int64", + "type": "integer" + }, + "preemptibility": { + "description": "Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "metastoreConfig": { + "description": "Immutable. Optional. Metastore configuration.", + "properties": { + "dataprocMetastoreServiceRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. Resource name of an existing Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`", + "type": "string" + }, + "name": { + "description": "[WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dataprocMetastoreServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "secondaryWorkerConfig": { + "description": "Immutable. Optional. The Compute Engine config settings for additional worker instances in a cluster.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. The Compute Engine accelerator configuration for these instances.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the accelerator cards of this type exposed to this instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "diskConfig": { + "description": "Immutable. Optional. Disk option config settings.", + "properties": { + "bootDiskSizeGb": { + "description": "Immutable. Optional. Size in GB of the boot disk (default is 500GB).", + "format": "int64", + "type": "integer" + }, + "bootDiskType": { + "description": "Immutable. Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).", + "type": "string" + }, + "localSsdInterface": { + "description": "Immutable. Optional. Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).", + "type": "string" + }, + "numLocalSsds": { + "description": "Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "imageRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.\n\nAllowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).", + "type": "string" + }, + "numInstances": { + "description": "Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.", + "format": "int64", + "type": "integer" + }, + "preemptibility": { + "description": "Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "securityConfig": { + "description": "Immutable. Optional. Security settings for the cluster.", + "properties": { + "identityConfig": { + "description": "Immutable. Optional. Identity related configuration, including service account based secure multi-tenancy user mappings.", + "properties": { + "userServiceAccountMapping": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Required. Map of user to service account.", + "type": "object" + } + }, + "required": [ + "userServiceAccountMapping" + ], + "type": "object", + "additionalProperties": false + }, + "kerberosConfig": { + "description": "Immutable. Optional. Kerberos related configuration.", + "properties": { + "crossRealmTrustAdminServer": { + "description": "Immutable. Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.", + "type": "string" + }, + "crossRealmTrustKdc": { + "description": "Immutable. Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.", + "type": "string" + }, + "crossRealmTrustRealm": { + "description": "Immutable. Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.", + "type": "string" + }, + "crossRealmTrustSharedPassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.", + "type": "string" + }, + "enableKerberos": { + "description": "Immutable. Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.", + "type": "boolean" + }, + "kdcDbKey": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.", + "type": "string" + }, + "keyPassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.", + "type": "string" + }, + "keystore": { + "description": "Immutable. Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.", + "type": "string" + }, + "keystorePassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.", + "type": "string" + }, + "kmsKeyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The uri of the KMS key used to encrypt various sensitive files.\n\nAllowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "realm": { + "description": "Immutable. Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.", + "type": "string" + }, + "rootPrincipalPassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.", + "type": "string" + }, + "tgtLifetimeHours": { + "description": "Immutable. Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.", + "format": "int64", + "type": "integer" + }, + "truststore": { + "description": "Immutable. Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.", + "type": "string" + }, + "truststorePassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "softwareConfig": { + "description": "Immutable. Optional. The config settings for software inside the cluster.", + "properties": { + "imageVersion": { + "description": "Immutable. Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.", + "type": "string" + }, + "optionalComponents": { + "description": "Immutable. Optional. The set of components to activate on the cluster.", + "items": { + "type": "string" + }, + "type": "array" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "stagingBucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tempBucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "workerConfig": { + "description": "Immutable. Optional. The Compute Engine config settings for worker instances in a cluster.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. The Compute Engine accelerator configuration for these instances.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the accelerator cards of this type exposed to this instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "diskConfig": { + "description": "Immutable. Optional. Disk option config settings.", + "properties": { + "bootDiskSizeGb": { + "description": "Immutable. Optional. Size in GB of the boot disk (default is 500GB).", + "format": "int64", + "type": "integer" + }, + "bootDiskType": { + "description": "Immutable. Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).", + "type": "string" + }, + "localSsdInterface": { + "description": "Immutable. Optional. Interface type of local SSDs (default is \"scsi\"). Valid values: \"scsi\" (Small Computer System Interface), \"nvme\" (Non-Volatile Memory Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).", + "type": "string" + }, + "numLocalSsds": { + "description": "Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "imageRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.\n\nAllowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).", + "type": "string" + }, + "numInstances": { + "description": "Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.", + "format": "int64", + "type": "integer" + }, + "preemptibility": { + "description": "Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource, usually a GCP region.", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The Google Cloud Platform project ID that the cluster belongs to.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "virtualClusterConfig": { + "description": "Immutable. Optional. The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a [Dataproc-on-GKE cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtual_cluster_config must be specified.", + "properties": { + "auxiliaryServicesConfig": { + "description": "Immutable. Optional. Configuration of auxiliary services used by this cluster.", + "properties": { + "metastoreConfig": { + "description": "Immutable. Optional. The Hive Metastore configuration for this workload.", + "properties": { + "dataprocMetastoreServiceRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. Resource name of an existing Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`", + "type": "string" + }, + "name": { + "description": "[WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dataprocMetastoreServiceRef" + ], + "type": "object", + "additionalProperties": false + }, + "sparkHistoryServerConfig": { + "description": "Immutable. Optional. The Spark History Server configuration for the workload.", + "properties": { + "dataprocClusterRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]`\n\nAllowed value: The `selfLink` field of a `DataprocCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "kubernetesClusterConfig": { + "description": "Immutable. Required. The configuration for running the Dataproc cluster on Kubernetes.", + "properties": { + "gkeClusterConfig": { + "description": "Immutable. Required. The configuration for running the Dataproc cluster on GKE.", + "properties": { + "gkeClusterTargetRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'\n\nAllowed value: The `selfLink` field of a `ContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodePoolTarget": { + "description": "Immutable. Optional. GKE node pools where workloads will be scheduled. At least one node pool must be assigned the `DEFAULT` GkeNodePoolTarget.Role. If a `GkeNodePoolTarget` is not specified, Dataproc constructs a `DEFAULT` `GkeNodePoolTarget`. Each role can be given to only one `GkeNodePoolTarget`. All node pools must have the same location settings.", + "items": { + "properties": { + "nodePoolConfig": { + "description": "Immutable. Input only. The configuration for the GKE node pool. If specified, Dataproc attempts to create a node pool with the specified shape. If one with the same name already exists, it is verified against all specified fields. If a field differs, the virtual cluster creation will fail. If omitted, any node pool with the specified name is used. If a node pool with the specified name does not exist, Dataproc create a node pool with default values. This is an input only field. It will not be returned by the API.", + "properties": { + "autoscaling": { + "description": "Immutable. Optional. The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.", + "properties": { + "maxNodeCount": { + "description": "Immutable. The maximum number of nodes in the node pool. Must be >= min_node_count, and must be > 0. **Note:** Quota must be sufficient to scale up the cluster.", + "format": "int64", + "type": "integer" + }, + "minNodeCount": { + "description": "Immutable. The minimum number of nodes in the node pool. Must be >= 0 and <= max_node_count.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "config": { + "description": "Immutable. Optional. The node pool configuration.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. A list of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) to attach to each node.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of accelerator cards exposed to an instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. The accelerator type resource namename (see GPUs on Compute Engine).", + "type": "string" + }, + "gpuPartitionSize": { + "description": "Immutable. Size of partitions to create on the GPU. Valid values are described in the NVIDIA [mig user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "bootDiskKmsKey": { + "description": "Immutable. Optional. The [Customer Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) used to encrypt the boot disk attached to each node in the node pool. Specify the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.", + "type": "string" + }, + "ephemeralStorageConfig": { + "description": "Immutable. Optional. Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.", + "properties": { + "localSsdCount": { + "description": "Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD is 375 GB in size. If zero, it means to disable using local SSDs as ephemeral storage.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "localSsdCount": { + "description": "Immutable. Optional. The number of local SSD disks to attach to the node, which is limited by the maximum number of disks allowable per zone (see [Adding Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)).", + "format": "int64", + "type": "integer" + }, + "machineType": { + "description": "Immutable. Optional. The name of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types).", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. [Minimum CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\"` or Intel Sandy Bridge\".", + "type": "string" + }, + "preemptible": { + "description": "Immutable. Optional. Whether the nodes are created as legacy [preemptible VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). Also see Spot VMs, preemptible VM instances without a maximum lifetime. Legacy and Spot preemptible nodes cannot be used in a node pool with the `CONTROLLER` [role] (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).", + "type": "boolean" + }, + "spot": { + "description": "Immutable. Optional. Whether the nodes are created as [Spot VM instances] (https://cloud.google.com/compute/docs/instances/spot). Spot VMs are the latest update to legacy preemptible VMs. Spot VMs do not have a maximum lifetime. Legacy and Spot preemptible nodes cannot be used in a node pool with the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "locations": { + "description": "Immutable. Optional. The list of Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) where node pool nodes associated with a Dataproc on GKE virtual cluster will be located. **Note:** All node pools associated with a virtual cluster must be located in the same region as the virtual cluster, and they must be located in the same zone within that region. If a location is not specified during node pool creation, Dataproc on GKE will choose the zone.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodePoolRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}'\n\nAllowed value: The `selfLink` field of a `ContainerNodePool` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "roles": { + "description": "Immutable. Required. The roles associated with the GKE node pool.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "nodePoolRef", + "roles" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "kubernetesNamespace": { + "description": "Immutable. Optional. A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.", + "type": "string" + }, + "kubernetesSoftwareConfig": { + "description": "Immutable. Optional. The software configuration for this Dataproc cluster running on Kubernetes.", + "properties": { + "componentVersion": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed. At least one entry must be specified.", + "type": "object" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `spark:spark.kubernetes.container.image`. The following are supported prefixes and their mappings: * spark: `spark-defaults.conf` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "gkeClusterConfig" + ], + "type": "object", + "additionalProperties": false + }, + "stagingBucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.**\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kubernetesClusterConfig" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "clusterUuid": { + "description": "Output only. A cluster UUID (Unique Universal Identifier). Dataproc generates this value when it creates the cluster.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "config": { + "properties": { + "endpointConfig": { + "properties": { + "httpPorts": { + "additionalProperties": { + "type": "string" + }, + "description": "Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "lifecycleConfig": { + "properties": { + "idleStartTime": { + "description": "Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "masterConfig": { + "properties": { + "instanceNames": { + "description": "Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceReferences": { + "description": "Output only. List of references to Compute Engine instances.", + "items": { + "properties": { + "instanceId": { + "description": "The unique identifier of the Compute Engine instance.", + "type": "string" + }, + "instanceName": { + "description": "The user-friendly name of the Compute Engine instance.", + "type": "string" + }, + "publicEciesKey": { + "description": "The public ECIES key used for sharing data with this instance.", + "type": "string" + }, + "publicKey": { + "description": "The public RSA key used for sharing data with this instance.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "isPreemptible": { + "description": "Output only. Specifies that this instance group contains preemptible instances.", + "type": "boolean" + }, + "managedGroupConfig": { + "description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.", + "properties": { + "instanceGroupManagerName": { + "description": "Output only. The name of the Instance Group Manager for this group.", + "type": "string" + }, + "instanceTemplateName": { + "description": "Output only. The name of the Instance Template used for the Managed Instance Group.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryWorkerConfig": { + "properties": { + "instanceNames": { + "description": "Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceReferences": { + "description": "Output only. List of references to Compute Engine instances.", + "items": { + "properties": { + "instanceId": { + "description": "The unique identifier of the Compute Engine instance.", + "type": "string" + }, + "instanceName": { + "description": "The user-friendly name of the Compute Engine instance.", + "type": "string" + }, + "publicEciesKey": { + "description": "The public ECIES key used for sharing data with this instance.", + "type": "string" + }, + "publicKey": { + "description": "The public RSA key used for sharing data with this instance.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "isPreemptible": { + "description": "Output only. Specifies that this instance group contains preemptible instances.", + "type": "boolean" + }, + "managedGroupConfig": { + "description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.", + "properties": { + "instanceGroupManagerName": { + "description": "Output only. The name of the Instance Group Manager for this group.", + "type": "string" + }, + "instanceTemplateName": { + "description": "Output only. The name of the Instance Template used for the Managed Instance Group.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "workerConfig": { + "properties": { + "instanceNames": { + "description": "Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceReferences": { + "description": "Output only. List of references to Compute Engine instances.", + "items": { + "properties": { + "instanceId": { + "description": "The unique identifier of the Compute Engine instance.", + "type": "string" + }, + "instanceName": { + "description": "The user-friendly name of the Compute Engine instance.", + "type": "string" + }, + "publicEciesKey": { + "description": "The public ECIES key used for sharing data with this instance.", + "type": "string" + }, + "publicKey": { + "description": "The public RSA key used for sharing data with this instance.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "isPreemptible": { + "description": "Output only. Specifies that this instance group contains preemptible instances.", + "type": "boolean" + }, + "managedGroupConfig": { + "description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.", + "properties": { + "instanceGroupManagerName": { + "description": "Output only. The name of the Instance Group Manager for this group.", + "type": "string" + }, + "instanceTemplateName": { + "description": "Output only. The name of the Instance Template used for the Managed Instance Group.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "metrics": { + "description": "Output only. Contains cluster daemon metrics such as HDFS and YARN stats. **Beta Feature**: This report is available for testing purposes only. It may be changed before final release.", + "properties": { + "hdfsMetrics": { + "additionalProperties": { + "type": "string" + }, + "description": "The HDFS metrics.", + "type": "object" + }, + "yarnMetrics": { + "additionalProperties": { + "type": "string" + }, + "description": "The YARN metrics.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "status": { + "description": "Output only. Cluster status.", + "properties": { + "detail": { + "description": "Optional. Output only. Details of cluster's state.", + "type": "string" + }, + "state": { + "description": "Output only. The cluster's state. Possible values: UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, STOPPED, STARTING", + "type": "string" + }, + "stateStartTime": { + "description": "Output only. Time when this state was entered (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "format": "date-time", + "type": "string" + }, + "substate": { + "description": "Output only. Additional state information that includes status reported by the agent. Possible values: UNSPECIFIED, UNHEALTHY, STALE_STATUS", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "statusHistory": { + "description": "Output only. The previous cluster status.", + "items": { + "properties": { + "detail": { + "description": "Optional. Output only. Details of cluster's state.", + "type": "string" + }, + "state": { + "description": "Output only. The cluster's state. Possible values: UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, STOPPED, STARTING", + "type": "string" + }, + "stateStartTime": { + "description": "Output only. Time when this state was entered (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "format": "date-time", + "type": "string" + }, + "substate": { + "description": "Output only. Additional state information that includes status reported by the agent. Possible values: UNSPECIFIED, UNHEALTHY, STALE_STATUS", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dataproc.cnrm.cloud.google.com/dataprocworkflowtemplate_v1beta1.json b/dataproc.cnrm.cloud.google.com/dataprocworkflowtemplate_v1beta1.json new file mode 100644 index 00000000..267b1c4b --- /dev/null +++ b/dataproc.cnrm.cloud.google.com/dataprocworkflowtemplate_v1beta1.json @@ -0,0 +1,2012 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "dagTimeout": { + "description": "Immutable. Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.", + "type": "string" + }, + "jobs": { + "description": "Immutable. Required. The Directed Acyclic Graph of Jobs to submit.", + "items": { + "properties": { + "hadoopJob": { + "description": "Immutable. Optional. Job is a Hadoop job.", + "properties": { + "archiveUris": { + "description": "Immutable. Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.", + "items": { + "type": "string" + }, + "type": "array" + }, + "args": { + "description": "Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileUris": { + "description": "Immutable. Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "jarFileUris": { + "description": "Immutable. Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "mainClass": { + "description": "Immutable. The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.", + "type": "string" + }, + "mainJarFileUri": { + "description": "Immutable. The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'", + "type": "string" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "hiveJob": { + "description": "Immutable. Optional. Job is a Hive job.", + "properties": { + "continueOnFailure": { + "description": "Immutable. Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.", + "type": "boolean" + }, + "jarFileUris": { + "description": "Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.", + "items": { + "type": "string" + }, + "type": "array" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.", + "type": "object" + }, + "queryFileUri": { + "description": "Immutable. The HCFS URI of the script that contains Hive queries.", + "type": "string" + }, + "queryList": { + "description": "Immutable. A list of queries.", + "properties": { + "queries": { + "description": "Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "queries" + ], + "type": "object", + "additionalProperties": false + }, + "scriptVariables": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.", + "type": "object" + }, + "pigJob": { + "description": "Immutable. Optional. Job is a Pig job.", + "properties": { + "continueOnFailure": { + "description": "Immutable. Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.", + "type": "boolean" + }, + "jarFileUris": { + "description": "Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.", + "items": { + "type": "string" + }, + "type": "array" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.", + "type": "object" + }, + "queryFileUri": { + "description": "Immutable. The HCFS URI of the script that contains the Pig queries.", + "type": "string" + }, + "queryList": { + "description": "Immutable. A list of queries.", + "properties": { + "queries": { + "description": "Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "queries" + ], + "type": "object", + "additionalProperties": false + }, + "scriptVariables": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "prerequisiteStepIds": { + "description": "Immutable. Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.", + "items": { + "type": "string" + }, + "type": "array" + }, + "prestoJob": { + "description": "Immutable. Optional. Job is a Presto job.", + "properties": { + "clientTags": { + "description": "Immutable. Optional. Presto client tags to attach to this query", + "items": { + "type": "string" + }, + "type": "array" + }, + "continueOnFailure": { + "description": "Immutable. Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.", + "type": "boolean" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "outputFormat": { + "description": "Immutable. Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats", + "type": "string" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI", + "type": "object" + }, + "queryFileUri": { + "description": "Immutable. The HCFS URI of the script that contains SQL queries.", + "type": "string" + }, + "queryList": { + "description": "Immutable. A list of queries.", + "properties": { + "queries": { + "description": "Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "queries" + ], + "type": "object", + "additionalProperties": false + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "pysparkJob": { + "description": "Immutable. Optional. Job is a PySpark job.", + "properties": { + "archiveUris": { + "description": "Immutable. Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.", + "items": { + "type": "string" + }, + "type": "array" + }, + "args": { + "description": "Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileUris": { + "description": "Immutable. Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "jarFileUris": { + "description": "Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "mainPythonFileUri": { + "description": "Immutable. Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.", + "type": "string" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.", + "type": "object" + }, + "pythonFileUris": { + "description": "Immutable. Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.", + "items": { + "type": "string" + }, + "type": "array" + }, + "additionalProperties": false + }, + "required": [ + "mainPythonFileUri" + ], + "type": "object", + "additionalProperties": false + }, + "scheduling": { + "description": "Immutable. Optional. Job scheduling configuration.", + "properties": { + "maxFailuresPerHour": { + "description": "Immutable. Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.", + "format": "int64", + "type": "integer" + }, + "maxFailuresTotal": { + "description": "Immutable. Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "sparkJob": { + "description": "Immutable. Optional. Job is a Spark job.", + "properties": { + "archiveUris": { + "description": "Immutable. Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.", + "items": { + "type": "string" + }, + "type": "array" + }, + "args": { + "description": "Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileUris": { + "description": "Immutable. Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "jarFileUris": { + "description": "Immutable. Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "mainClass": { + "description": "Immutable. The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.", + "type": "string" + }, + "mainJarFileUri": { + "description": "Immutable. The HCFS URI of the jar file that contains the main class.", + "type": "string" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "sparkRJob": { + "description": "Immutable. Optional. Job is a SparkR job.", + "properties": { + "archiveUris": { + "description": "Immutable. Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.", + "items": { + "type": "string" + }, + "type": "array" + }, + "args": { + "description": "Immutable. Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileUris": { + "description": "Immutable. Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.", + "items": { + "type": "string" + }, + "type": "array" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "mainRFileUri": { + "description": "Immutable. Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.", + "type": "string" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.", + "type": "object" + }, + "additionalProperties": false + }, + "required": [ + "mainRFileUri" + ], + "type": "object", + "additionalProperties": false + }, + "sparkSqlJob": { + "description": "Immutable. Optional. Job is a SparkSql job.", + "properties": { + "jarFileUris": { + "description": "Immutable. Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.", + "items": { + "type": "string" + }, + "type": "array" + }, + "loggingConfig": { + "description": "Immutable. Optional. The runtime log config for job execution.", + "properties": { + "driverLogLevels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.", + "type": "object" + }, + "queryFileUri": { + "description": "Immutable. The HCFS URI of the script that contains SQL queries.", + "type": "string" + }, + "queryList": { + "description": "Immutable. A list of queries.", + "properties": { + "queries": { + "description": "Immutable. Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "queries" + ], + "type": "object", + "additionalProperties": false + }, + "scriptVariables": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "stepId": { + "description": "Immutable. Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.", + "type": "string" + } + }, + "required": [ + "stepId" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "parameters": { + "description": "Immutable. Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.", + "items": { + "properties": { + "description": { + "description": "Immutable. Optional. Brief description of the parameter. Must not exceed 1024 characters.", + "type": "string" + }, + "fields": { + "description": "Immutable. Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "Immutable. Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.", + "type": "string" + }, + "validation": { + "description": "Immutable. Optional. Validation rules to be applied to this parameter's value.", + "properties": { + "regex": { + "description": "Immutable. Validation based on regular expressions.", + "properties": { + "regexes": { + "description": "Immutable. Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "regexes" + ], + "type": "object", + "additionalProperties": false + }, + "values": { + "description": "Immutable. Validation based on a list of allowed values.", + "properties": { + "values": { + "description": "Immutable. Required. List of allowed values for the parameter.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "values" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "fields", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "placement": { + "description": "Immutable. Required. WorkflowTemplate scheduling information.", + "properties": { + "clusterSelector": { + "description": "Immutable. Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.", + "properties": { + "clusterLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Required. The cluster labels. Cluster must have all labels to match.", + "type": "object" + }, + "zone": { + "description": "Immutable. Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.", + "type": "string" + } + }, + "required": [ + "clusterLabels" + ], + "type": "object", + "additionalProperties": false + }, + "managedCluster": { + "description": "Immutable. A cluster that is managed by the workflow.", + "properties": { + "clusterName": { + "description": "Immutable. Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.", + "type": "string" + }, + "config": { + "description": "Immutable. Required. The cluster configuration.", + "properties": { + "autoscalingConfig": { + "description": "Immutable. Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.", + "properties": { + "policyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.\n\nAllowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionConfig": { + "description": "Immutable. Optional. Encryption settings for the cluster.", + "properties": { + "gcePdKmsKeyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.\n\nAllowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpointConfig": { + "description": "Immutable. Optional. Port/endpoint configuration for this cluster", + "properties": { + "enableHttpPortAccess": { + "description": "Immutable. Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "gceClusterConfig": { + "description": "Immutable. Optional. The shared Compute Engine config settings for all instances in a cluster.", + "properties": { + "internalIPOnly": { + "description": "Immutable. Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.", + "type": "boolean" + }, + "metadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).", + "type": "object" + }, + "networkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`\n\nAllowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeGroupAffinity": { + "description": "Immutable. Optional. Node Group Affinity for sole-tenant clusters.", + "properties": { + "nodeGroupRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`\n\nAllowed value: The `selfLink` field of a `ComputeNodeGroup` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "nodeGroupRef" + ], + "type": "object", + "additionalProperties": false + }, + "privateIPv6GoogleAccess": { + "description": "Immutable. Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL", + "type": "string" + }, + "reservationAffinity": { + "description": "Immutable. Optional. Reservation Affinity for consuming Zonal reservation.", + "properties": { + "consumeReservationType": { + "description": "Immutable. Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION", + "type": "string" + }, + "key": { + "description": "Immutable. Optional. Corresponds to the label key of reservation resource.", + "type": "string" + }, + "values": { + "description": "Immutable. Optional. Corresponds to the label values of reservation resource.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountScopes": { + "description": "Immutable. Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control", + "items": { + "type": "string" + }, + "type": "array" + }, + "shieldedInstanceConfig": { + "description": "Immutable. Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.", + "properties": { + "enableIntegrityMonitoring": { + "description": "Immutable. Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.", + "type": "boolean" + }, + "enableSecureBoot": { + "description": "Immutable. Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.", + "type": "boolean" + }, + "enableVtpm": { + "description": "Immutable. Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`\n\nAllowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tags": { + "description": "Immutable. The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).", + "items": { + "type": "string" + }, + "type": "array" + }, + "zone": { + "description": "Immutable. Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "initializationActions": { + "description": "Immutable. Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi", + "items": { + "properties": { + "executableFile": { + "description": "Immutable. Required. Cloud Storage URI of executable file.", + "type": "string" + }, + "executionTimeout": { + "description": "Immutable. Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "lifecycleConfig": { + "description": "Immutable. Optional. Lifecycle setting for the cluster.", + "properties": { + "autoDeleteTime": { + "description": "Immutable. Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "format": "date-time", + "type": "string" + }, + "autoDeleteTtl": { + "description": "Immutable. Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "type": "string" + }, + "idleDeleteTtl": { + "description": "Immutable. Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "masterConfig": { + "description": "Immutable. Optional. The Compute Engine config settings for the master instance in a cluster.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. The Compute Engine accelerator configuration for these instances.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the accelerator cards of this type exposed to this instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "diskConfig": { + "description": "Immutable. Optional. Disk option config settings.", + "properties": { + "bootDiskSizeGb": { + "description": "Immutable. Optional. Size in GB of the boot disk (default is 500GB).", + "format": "int64", + "type": "integer" + }, + "bootDiskType": { + "description": "Immutable. Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).", + "type": "string" + }, + "numLocalSsds": { + "description": "Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "imageRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.\n\nAllowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).", + "type": "string" + }, + "numInstances": { + "description": "Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.", + "format": "int64", + "type": "integer" + }, + "preemptibility": { + "description": "Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryWorkerConfig": { + "description": "Immutable. Optional. The Compute Engine config settings for additional worker instances in a cluster.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. The Compute Engine accelerator configuration for these instances.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the accelerator cards of this type exposed to this instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "diskConfig": { + "description": "Immutable. Optional. Disk option config settings.", + "properties": { + "bootDiskSizeGb": { + "description": "Immutable. Optional. Size in GB of the boot disk (default is 500GB).", + "format": "int64", + "type": "integer" + }, + "bootDiskType": { + "description": "Immutable. Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).", + "type": "string" + }, + "numLocalSsds": { + "description": "Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "imageRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.\n\nAllowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).", + "type": "string" + }, + "numInstances": { + "description": "Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.", + "format": "int64", + "type": "integer" + }, + "preemptibility": { + "description": "Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "securityConfig": { + "description": "Immutable. Optional. Security settings for the cluster.", + "properties": { + "kerberosConfig": { + "description": "Immutable. Optional. Kerberos related configuration.", + "properties": { + "crossRealmTrustAdminServer": { + "description": "Immutable. Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.", + "type": "string" + }, + "crossRealmTrustKdc": { + "description": "Immutable. Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.", + "type": "string" + }, + "crossRealmTrustRealm": { + "description": "Immutable. Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.", + "type": "string" + }, + "crossRealmTrustSharedPassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.", + "type": "string" + }, + "enableKerberos": { + "description": "Immutable. Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.", + "type": "boolean" + }, + "kdcDbKey": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.", + "type": "string" + }, + "keyPassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.", + "type": "string" + }, + "keystore": { + "description": "Immutable. Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.", + "type": "string" + }, + "keystorePassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.", + "type": "string" + }, + "kmsKeyRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The uri of the KMS key used to encrypt various sensitive files.\n\nAllowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "realm": { + "description": "Immutable. Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.", + "type": "string" + }, + "rootPrincipalPassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.", + "type": "string" + }, + "tgtLifetimeHours": { + "description": "Immutable. Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.", + "format": "int64", + "type": "integer" + }, + "truststore": { + "description": "Immutable. Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.", + "type": "string" + }, + "truststorePassword": { + "description": "Immutable. Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "softwareConfig": { + "description": "Immutable. Optional. The config settings for software inside the cluster.", + "properties": { + "imageVersion": { + "description": "Immutable. Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.", + "type": "string" + }, + "optionalComponents": { + "description": "Immutable. Optional. The set of components to activate on the cluster.", + "items": { + "type": "string" + }, + "type": "array" + }, + "properties": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).", + "type": "object" + }, + "additionalProperties": false + }, + "type": "object", + "additionalProperties": false + }, + "stagingBucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tempBucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "workerConfig": { + "description": "Immutable. Optional. The Compute Engine config settings for worker instances in a cluster.", + "properties": { + "accelerators": { + "description": "Immutable. Optional. The Compute Engine accelerator configuration for these instances.", + "items": { + "properties": { + "acceleratorCount": { + "description": "Immutable. The number of the accelerator cards of this type exposed to this instance.", + "format": "int64", + "type": "integer" + }, + "acceleratorType": { + "description": "Immutable. Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "diskConfig": { + "description": "Immutable. Optional. Disk option config settings.", + "properties": { + "bootDiskSizeGb": { + "description": "Immutable. Optional. Size in GB of the boot disk (default is 500GB).", + "format": "int64", + "type": "integer" + }, + "bootDiskType": { + "description": "Immutable. Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).", + "type": "string" + }, + "numLocalSsds": { + "description": "Immutable. Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "imageRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.\n\nAllowed value: The `selfLink` field of a `ComputeImage` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "machineType": { + "description": "Immutable. Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.", + "type": "string" + }, + "minCpuPlatform": { + "description": "Immutable. Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).", + "type": "string" + }, + "numInstances": { + "description": "Immutable. Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.", + "format": "int64", + "type": "integer" + }, + "preemptibility": { + "description": "Immutable. Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.", + "type": "object" + } + }, + "required": [ + "clusterName", + "config" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "jobs", + "location", + "placement" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time template was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "placement": { + "properties": { + "managedCluster": { + "properties": { + "config": { + "properties": { + "endpointConfig": { + "properties": { + "httpPorts": { + "additionalProperties": { + "type": "string" + }, + "description": "Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "lifecycleConfig": { + "properties": { + "idleStartTime": { + "description": "Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "masterConfig": { + "properties": { + "instanceNames": { + "description": "Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "isPreemptible": { + "description": "Output only. Specifies that this instance group contains preemptible instances.", + "type": "boolean" + }, + "managedGroupConfig": { + "description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.", + "properties": { + "instanceGroupManagerName": { + "description": "Output only. The name of the Instance Group Manager for this group.", + "type": "string" + }, + "instanceTemplateName": { + "description": "Output only. The name of the Instance Template used for the Managed Instance Group.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryWorkerConfig": { + "properties": { + "instanceNames": { + "description": "Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "isPreemptible": { + "description": "Output only. Specifies that this instance group contains preemptible instances.", + "type": "boolean" + }, + "managedGroupConfig": { + "description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.", + "properties": { + "instanceGroupManagerName": { + "description": "Output only. The name of the Instance Group Manager for this group.", + "type": "string" + }, + "instanceTemplateName": { + "description": "Output only. The name of the Instance Template used for the Managed Instance Group.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "workerConfig": { + "properties": { + "instanceNames": { + "description": "Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.", + "items": { + "type": "string" + }, + "type": "array" + }, + "isPreemptible": { + "description": "Output only. Specifies that this instance group contains preemptible instances.", + "type": "boolean" + }, + "managedGroupConfig": { + "description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.", + "properties": { + "instanceGroupManagerName": { + "description": "Output only. The name of the Instance Group Manager for this group.", + "type": "string" + }, + "instanceTemplateName": { + "description": "Output only. The name of the Instance Template used for the Managed Instance Group.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "updateTime": { + "description": "Output only. The time template was last updated.", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Output only. The current version of this workflow template.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dlp.cnrm.cloud.google.com/dlpdeidentifytemplate_v1beta1.json b/dlp.cnrm.cloud.google.com/dlpdeidentifytemplate_v1beta1.json new file mode 100644 index 00000000..cb520b75 --- /dev/null +++ b/dlp.cnrm.cloud.google.com/dlpdeidentifytemplate_v1beta1.json @@ -0,0 +1,3971 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "organizationRef" + ] + }, + { + "required": [ + "projectRef" + ] + } + ], + "properties": { + "deidentifyConfig": { + "description": "The core content of the template.", + "properties": { + "infoTypeTransformations": { + "description": "Treat the dataset as free-form text and apply the same free text transformation everywhere.", + "properties": { + "transformations": { + "description": "Required. Transformation for each infoType. Cannot specify more than one for a given infoType.", + "items": { + "properties": { + "infoTypes": { + "description": "InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "primitiveTransformation": { + "description": "Required. Primitive transformation to apply to the infoType.", + "properties": { + "bucketingConfig": { + "description": "Bucketing", + "properties": { + "buckets": { + "description": "Set of buckets. Ranges must be non-overlapping.", + "items": { + "properties": { + "max": { + "description": "Upper bound of the range, exclusive; type must match min.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "min": { + "description": "Lower bound of the range, inclusive. Type should be the same as max if used.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "replacementValue": { + "description": "Required. Replacement value for this bucket.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "replacementValue" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "characterMaskConfig": { + "description": "Mask", + "properties": { + "charactersToIgnore": { + "description": "When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.", + "items": { + "properties": { + "charactersToSkip": { + "description": "Characters to not transform when masking.", + "type": "string" + }, + "commonCharactersToIgnore": { + "description": "Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maskingCharacter": { + "description": "Character to use to mask the sensitive values\u2014for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.", + "type": "string" + }, + "numberToMask": { + "description": "Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.", + "format": "int64", + "type": "integer" + }, + "reverseOrder": { + "description": "Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoDeterministicConfig": { + "description": "Deterministic Crypto", + "properties": { + "context": { + "description": "A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "surrogateInfoType": { + "description": "The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: \u29ddMY_TOKEN_TYPE.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoHashConfig": { + "description": "Crypto", + "properties": { + "cryptoKey": { + "description": "The key used by the hash function.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoReplaceFfxFpeConfig": { + "description": "Ffx-Fpe", + "properties": { + "commonAlphabet": { + "description": "Common alphabets. Possible values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC", + "type": "string" + }, + "context": { + "description": "The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "Required. The key used by the encryption algorithm.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "customAlphabet": { + "description": "This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;\"'<,>.?/``", + "type": "string" + }, + "radix": { + "description": "The native way to select the alphabet. Must be in the range [2, 95].", + "format": "int64", + "type": "integer" + }, + "surrogateInfoType": { + "description": "The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: \u29ddMY_TOKEN_TYPE", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "cryptoKey" + ], + "type": "object", + "additionalProperties": false + }, + "dateShiftConfig": { + "description": "Date Shift", + "properties": { + "context": { + "description": "Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "lowerBoundDays": { + "description": "Required. For example, -5 means shift date to at most 5 days back in the past.", + "format": "int64", + "type": "integer" + }, + "upperBoundDays": { + "description": "Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "lowerBoundDays", + "upperBoundDays" + ], + "type": "object", + "additionalProperties": false + }, + "fixedSizeBucketingConfig": { + "description": "Fixed size bucketing", + "properties": { + "bucketSize": { + "description": "Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.", + "format": "double", + "type": "number" + }, + "lowerBound": { + "description": "Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value \"-10\".", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "upperBound": { + "description": "Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value \"89+\".", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "bucketSize", + "lowerBound", + "upperBound" + ], + "type": "object", + "additionalProperties": false + }, + "redactConfig": { + "description": "Redact", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "replaceConfig": { + "description": "Replace with a specified value.", + "properties": { + "newValue": { + "description": "Value to replace it with.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "replaceWithInfoTypeConfig": { + "description": "Replace with infotype", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "timePartConfig": { + "description": "Time extraction", + "properties": { + "partToExtract": { + "description": "The part of the time to keep. Possible values: TIME_PART_UNSPECIFIED, YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "primitiveTransformation" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "transformations" + ], + "type": "object", + "additionalProperties": false + }, + "recordTransformations": { + "description": "Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.", + "properties": { + "fieldTransformations": { + "description": "Transform the record by applying various field transformations.", + "items": { + "properties": { + "condition": { + "description": "Only apply the transformation if the condition evaluates to true for the given `RecordCondition`. The conditions are allowed to reference fields that are not used in the actual transformation. Example Use Cases: - Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range. - Redact a field if the date of birth field is greater than 85.", + "properties": { + "expressions": { + "description": "An expression.", + "properties": { + "conditions": { + "description": "Conditions to apply to the expression.", + "properties": { + "conditions": { + "description": "A collection of conditions.", + "items": { + "properties": { + "field": { + "description": "Required. Field within the record this condition is evaluated against.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "operator": { + "description": "Required. Operator used to compare the field or infoType to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND", + "type": "string" + }, + "value": { + "description": "Value to compare against. [Mandatory, except for `EXISTS` tests.]", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "field", + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "logicalOperator": { + "description": "The operator to apply to the result of conditions. Default and currently only supported value is `AND`. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "fields": { + "description": "Required. Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. FieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".", + "items": { + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "infoTypeTransformations": { + "description": "Treat the contents of the field as free text, and selectively transform content that matches an `InfoType`.", + "properties": { + "transformations": { + "description": "Required. Transformation for each infoType. Cannot specify more than one for a given infoType.", + "items": { + "properties": { + "infoTypes": { + "description": "InfoTypes to apply the transformation to. An empty list will cause this transformation to apply to all findings that correspond to infoTypes that were requested in `InspectConfig`.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "primitiveTransformation": { + "description": "Required. Primitive transformation to apply to the infoType.", + "properties": { + "bucketingConfig": { + "description": "Bucketing", + "properties": { + "buckets": { + "description": "Set of buckets. Ranges must be non-overlapping.", + "items": { + "properties": { + "max": { + "description": "Upper bound of the range, exclusive; type must match min.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "min": { + "description": "Lower bound of the range, inclusive. Type should be the same as max if used.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "replacementValue": { + "description": "Required. Replacement value for this bucket.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "replacementValue" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "characterMaskConfig": { + "description": "Mask", + "properties": { + "charactersToIgnore": { + "description": "When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.", + "items": { + "properties": { + "charactersToSkip": { + "description": "Characters to not transform when masking.", + "type": "string" + }, + "commonCharactersToIgnore": { + "description": "Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maskingCharacter": { + "description": "Character to use to mask the sensitive values\u2014for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.", + "type": "string" + }, + "numberToMask": { + "description": "Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.", + "format": "int64", + "type": "integer" + }, + "reverseOrder": { + "description": "Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoDeterministicConfig": { + "description": "Deterministic Crypto", + "properties": { + "context": { + "description": "A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "surrogateInfoType": { + "description": "The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: \u29ddMY_TOKEN_TYPE.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoHashConfig": { + "description": "Crypto", + "properties": { + "cryptoKey": { + "description": "The key used by the hash function.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoReplaceFfxFpeConfig": { + "description": "Ffx-Fpe", + "properties": { + "commonAlphabet": { + "description": "Common alphabets. Possible values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC", + "type": "string" + }, + "context": { + "description": "The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "Required. The key used by the encryption algorithm.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "customAlphabet": { + "description": "This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;\"'<,>.?/``", + "type": "string" + }, + "radix": { + "description": "The native way to select the alphabet. Must be in the range [2, 95].", + "format": "int64", + "type": "integer" + }, + "surrogateInfoType": { + "description": "The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: \u29ddMY_TOKEN_TYPE", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "cryptoKey" + ], + "type": "object", + "additionalProperties": false + }, + "dateShiftConfig": { + "description": "Date Shift", + "properties": { + "context": { + "description": "Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "lowerBoundDays": { + "description": "Required. For example, -5 means shift date to at most 5 days back in the past.", + "format": "int64", + "type": "integer" + }, + "upperBoundDays": { + "description": "Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "lowerBoundDays", + "upperBoundDays" + ], + "type": "object", + "additionalProperties": false + }, + "fixedSizeBucketingConfig": { + "description": "Fixed size bucketing", + "properties": { + "bucketSize": { + "description": "Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.", + "format": "double", + "type": "number" + }, + "lowerBound": { + "description": "Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value \"-10\".", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "upperBound": { + "description": "Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value \"89+\".", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "bucketSize", + "lowerBound", + "upperBound" + ], + "type": "object", + "additionalProperties": false + }, + "redactConfig": { + "description": "Redact", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "replaceConfig": { + "description": "Replace with a specified value.", + "properties": { + "newValue": { + "description": "Value to replace it with.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "replaceWithInfoTypeConfig": { + "description": "Replace with infotype", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "timePartConfig": { + "description": "Time extraction", + "properties": { + "partToExtract": { + "description": "The part of the time to keep. Possible values: TIME_PART_UNSPECIFIED, YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "primitiveTransformation" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "transformations" + ], + "type": "object", + "additionalProperties": false + }, + "primitiveTransformation": { + "description": "Apply the transformation to the entire field.", + "properties": { + "bucketingConfig": { + "description": "Bucketing", + "properties": { + "buckets": { + "description": "Set of buckets. Ranges must be non-overlapping.", + "items": { + "properties": { + "max": { + "description": "Upper bound of the range, exclusive; type must match min.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "min": { + "description": "Lower bound of the range, inclusive. Type should be the same as max if used.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "replacementValue": { + "description": "Required. Replacement value for this bucket.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "replacementValue" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "characterMaskConfig": { + "description": "Mask", + "properties": { + "charactersToIgnore": { + "description": "When masking a string, items in this list will be skipped when replacing characters. For example, if the input string is `555-555-5555` and you instruct Cloud DLP to skip `-` and mask 5 characters with `*`, Cloud DLP returns `***-**5-5555`.", + "items": { + "properties": { + "charactersToSkip": { + "description": "Characters to not transform when masking.", + "type": "string" + }, + "commonCharactersToIgnore": { + "description": "Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: COMMON_CHARS_TO_IGNORE_UNSPECIFIED, NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maskingCharacter": { + "description": "Character to use to mask the sensitive values\u2014for example, `*` for an alphabetic string such as a name, or `0` for a numeric string such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to `*` for strings, and `0` for digits.", + "type": "string" + }, + "numberToMask": { + "description": "Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.", + "format": "int64", + "type": "integer" + }, + "reverseOrder": { + "description": "Mask characters in reverse order. For example, if `masking_character` is `0`, `number_to_mask` is `14`, and `reverse_order` is `false`, then the input string `1234-5678-9012-3456` is masked as `00000000000000-3456`. If `masking_character` is `*`, `number_to_mask` is `3`, and `reverse_order` is `true`, then the string `12345` is masked as `12***`.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoDeterministicConfig": { + "description": "Deterministic Crypto", + "properties": { + "context": { + "description": "A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "surrogateInfoType": { + "description": "The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - reverse a surrogate that does not correspond to an actual identifier - be unable to parse the surrogate and result in an error Therefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: \u29ddMY_TOKEN_TYPE.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoHashConfig": { + "description": "Crypto", + "properties": { + "cryptoKey": { + "description": "The key used by the hash function.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoReplaceFfxFpeConfig": { + "description": "Ffx-Fpe", + "properties": { + "commonAlphabet": { + "description": "Common alphabets. Possible values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC", + "type": "string" + }, + "context": { + "description": "The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. If the context is set but: 1. there is no record present when transforming a given value or 1. the field is not present when transforming a given value, a default tweak will be used. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s. Currently, the referenced field may be of value type integer or string. The tweak is constructed as a sequence of bytes in big endian byte order such that: - a 64 bit integer is encoded followed by a single byte of value 1 - a string is encoded in UTF-8 format followed by a single byte of value 2", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "Required. The key used by the encryption algorithm.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "customAlphabet": { + "description": "This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;\"'<,>.?/``", + "type": "string" + }, + "radix": { + "description": "The native way to select the alphabet. Must be in the range [2, 95].", + "format": "int64", + "type": "integer" + }, + "surrogateInfoType": { + "description": "The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' This annotation identifies the surrogate when inspecting content using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text. In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: \u29ddMY_TOKEN_TYPE", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "cryptoKey" + ], + "type": "object", + "additionalProperties": false + }, + "dateShiftConfig": { + "description": "Date Shift", + "properties": { + "context": { + "description": "Points to the field that contains the context, for example, an entity id. If set, must also set cryptoKey. If set, shift will be consistent for the given context.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cryptoKey": { + "description": "Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and crypto_key. If set, must also set context. Can only be applied to table items.", + "properties": { + "kmsWrapped": { + "description": "Key wrapped using Cloud KMS", + "properties": { + "cryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The resource name of the KMS CryptoKey to use for unwrapping.\n\nAllowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wrappedKey": { + "description": "Required. The wrapped data crypto key.", + "type": "string" + } + }, + "required": [ + "cryptoKeyRef", + "wrappedKey" + ], + "type": "object", + "additionalProperties": false + }, + "transient": { + "description": "Transient crypto key", + "properties": { + "name": { + "description": "Required. Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate `TransientCryptoKey` protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "unwrapped": { + "description": "Unwrapped crypto key", + "properties": { + "key": { + "description": "Required. A 128/192/256 bit key.", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "lowerBoundDays": { + "description": "Required. For example, -5 means shift date to at most 5 days back in the past.", + "format": "int64", + "type": "integer" + }, + "upperBoundDays": { + "description": "Required. Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. For example, 3 means shift date to at most 3 days into the future.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "lowerBoundDays", + "upperBoundDays" + ], + "type": "object", + "additionalProperties": false + }, + "fixedSizeBucketingConfig": { + "description": "Fixed size bucketing", + "properties": { + "bucketSize": { + "description": "Required. Size of each bucket (except for minimum and maximum buckets). So if `lower_bound` = 10, `upper_bound` = 89, and `bucket_size` = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. Precision up to 2 decimals works.", + "format": "double", + "type": "number" + }, + "lowerBound": { + "description": "Required. Lower bound value of buckets. All values less than `lower_bound` are grouped together into a single bucket; for example if `lower_bound` = 10, then all values less than 10 are replaced with the value \"-10\".", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "upperBound": { + "description": "Required. Upper bound value of buckets. All values greater than upper_bound are grouped together into a single bucket; for example if `upper_bound` = 89, then all values greater than 89 are replaced with the value \"89+\".", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "bucketSize", + "lowerBound", + "upperBound" + ], + "type": "object", + "additionalProperties": false + }, + "redactConfig": { + "description": "Redact", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "replaceConfig": { + "description": "Replace with a specified value.", + "properties": { + "newValue": { + "description": "Value to replace it with.", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "replaceWithInfoTypeConfig": { + "description": "Replace with infotype", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "timePartConfig": { + "description": "Time extraction", + "properties": { + "partToExtract": { + "description": "The part of the time to keep. Possible values: TIME_PART_UNSPECIFIED, YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "fields" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "recordSuppressions": { + "description": "Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.", + "items": { + "properties": { + "condition": { + "description": "A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.", + "properties": { + "expressions": { + "description": "An expression.", + "properties": { + "conditions": { + "description": "Conditions to apply to the expression.", + "properties": { + "conditions": { + "description": "A collection of conditions.", + "items": { + "properties": { + "field": { + "description": "Required. Field within the record this condition is evaluated against.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "operator": { + "description": "Required. Operator used to compare the field or infoType to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND", + "type": "string" + }, + "value": { + "description": "Value to compare against. [Mandatory, except for `EXISTS` tests.]", + "properties": { + "booleanValue": { + "description": "boolean", + "type": "boolean" + }, + "dateValue": { + "description": "date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int64", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int64", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "dayOfWeekValue": { + "description": "day of week Possible values: DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY", + "type": "string" + }, + "floatValue": { + "description": "float", + "format": "double", + "type": "number" + }, + "integerValue": { + "description": "integer", + "format": "int64", + "type": "integer" + }, + "stringValue": { + "description": "string", + "type": "string" + }, + "timeValue": { + "description": "time of day", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int64", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int64", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int64", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestampValue": { + "description": "timestamp", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "field", + "operator" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "logicalOperator": { + "description": "The operator to apply to the result of conditions. Default and currently only supported value is `AND`. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, AND", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "transformationErrorHandling": { + "description": "Mode for handling transformation errors. If left unspecified, the default mode is `TransformationErrorHandling.ThrowError`.", + "properties": { + "leaveUntransformed": { + "description": "Ignore errors", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "throwError": { + "description": "Throw an error", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Short description (max 256 chars).", + "type": "string" + }, + "displayName": { + "description": "Display name (max 256 chars).", + "type": "string" + }, + "location": { + "description": "Immutable. The location of the resource", + "type": "string" + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of an inspectTemplate.", + "format": "date-time", + "type": "string" + }, + "locationId": { + "description": "Output only. The geographic location where this resource is stored.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of an inspectTemplate.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/dlp.cnrm.cloud.google.com/dlpinspecttemplate_v1beta1.json b/dlp.cnrm.cloud.google.com/dlpinspecttemplate_v1beta1.json new file mode 100644 index 00000000..d76567ac --- /dev/null +++ b/dlp.cnrm.cloud.google.com/dlpinspecttemplate_v1beta1.json @@ -0,0 +1,608 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "organizationRef" + ] + }, + { + "required": [ + "projectRef" + ] + } + ], + "properties": { + "description": { + "description": "Short description (max 256 chars).", + "type": "string" + }, + "displayName": { + "description": "Display name (max 256 chars).", + "type": "string" + }, + "inspectConfig": { + "description": "The core content of the template. Configuration of the scanning process.", + "properties": { + "contentOptions": { + "description": "List of options defining data content to scan. If empty, text, images, and other content will be included.", + "items": { + "type": "string" + }, + "type": "array" + }, + "customInfoTypes": { + "description": "CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.", + "items": { + "properties": { + "dictionary": { + "description": "A list of phrases to detect as a CustomInfoType.", + "properties": { + "cloudStoragePath": { + "description": "Newline-delimited file of words in Cloud Storage. Only a single file is accepted.", + "properties": { + "path": { + "description": "A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wordList": { + "description": "List of words or phrases to search for.", + "properties": { + "words": { + "description": "Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "exclusionType": { + "description": "If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE", + "type": "string" + }, + "infoType": { + "description": "CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "likelihood": { + "description": "Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "regex": { + "description": "Regular expression based CustomInfoType.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "storedType": { + "description": "Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`.", + "properties": { + "createTime": { + "description": "Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system.", + "format": "date-time", + "type": "string" + }, + "nameRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`.\n\nAllowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "surrogateType": { + "description": "Message for detecting output from deidentification transformations that support reversing.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "excludeInfoTypes": { + "description": "When true, excludes type information of the findings.", + "type": "boolean" + }, + "includeQuote": { + "description": "When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote.", + "type": "boolean" + }, + "infoTypes": { + "description": "Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "limits": { + "description": "Configuration to control the number of findings returned.", + "properties": { + "maxFindingsPerInfoType": { + "description": "Configuration of findings limit given for specified infoTypes.", + "items": { + "properties": { + "infoType": { + "description": "Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxFindings": { + "description": "Max findings limit for the given infoType.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maxFindingsPerItem": { + "description": "Max number of findings that will be returned for each item scanned. When set within `InspectJobConfig`, the maximum returned is 2000 regardless if this is set higher. When set within `InspectContentRequest`, this field is ignored.", + "format": "int64", + "type": "integer" + }, + "maxFindingsPerRequest": { + "description": "Max number of findings that will be returned per request/job. When set within `InspectContentRequest`, the maximum returned is 2000 regardless if this is set higher.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minLikelihood": { + "description": "Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "ruleSet": { + "description": "Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.", + "items": { + "properties": { + "infoTypes": { + "description": "List of infoTypes this rule set is applied to.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "rules": { + "description": "Set of rules to be applied to infoTypes. The rules are applied in order.", + "items": { + "properties": { + "exclusionRule": { + "description": "Exclusion rule.", + "properties": { + "dictionary": { + "description": "Dictionary which defines the rule.", + "properties": { + "cloudStoragePath": { + "description": "Newline-delimited file of words in Cloud Storage. Only a single file is accepted.", + "properties": { + "path": { + "description": "A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wordList": { + "description": "List of words or phrases to search for.", + "properties": { + "words": { + "description": "Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "excludeInfoTypes": { + "description": "Set of infoTypes for which findings would affect this rule.", + "properties": { + "infoTypes": { + "description": "InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing \"PHONE_NUMBER\"` and `exclusion_rule` containing `exclude_info_types.info_types` with \"EMAIL_ADDRESS\" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to \"555-222-2222@example.org\" to generate only a single finding, namely email address.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "matchingType": { + "description": "How the rule is applied, see MatchingType documentation for details. Possible values: MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH", + "type": "string" + }, + "regex": { + "description": "Regular expression which defines the rule.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hotwordRule": { + "properties": { + "hotwordRegex": { + "description": "Regular expression pattern defining what qualifies as a hotword.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "likelihoodAdjustment": { + "description": "Likelihood adjustment to apply to all matching findings.", + "properties": { + "fixedLikelihood": { + "description": "Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "relativeLikelihood": { + "description": "Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "proximity": { + "description": "Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex \"(d{3}) d{3}-d{4}\" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex \"(xxx)\", where \"xxx\" is the area code in question.", + "properties": { + "windowAfter": { + "description": "Number of characters after the finding to consider.", + "format": "int64", + "type": "integer" + }, + "windowBefore": { + "description": "Number of characters before the finding to consider.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource", + "type": "string" + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of an inspectTemplate.", + "format": "date-time", + "type": "string" + }, + "locationId": { + "description": "Output only. The geographic location where this resource is stored.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of an inspectTemplate.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/dlp.cnrm.cloud.google.com/dlpjobtrigger_v1beta1.json b/dlp.cnrm.cloud.google.com/dlpjobtrigger_v1beta1.json new file mode 100644 index 00000000..e59251f9 --- /dev/null +++ b/dlp.cnrm.cloud.google.com/dlpjobtrigger_v1beta1.json @@ -0,0 +1,1541 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "User provided description (max 256 chars)", + "type": "string" + }, + "displayName": { + "description": "Display name (max 100 chars)", + "type": "string" + }, + "inspectJob": { + "description": "For inspect jobs, a snapshot of the configuration.", + "properties": { + "actions": { + "description": "Actions to execute at the completion of the job.", + "items": { + "properties": { + "jobNotificationEmails": { + "description": "Enable email notification for project owners and editors on job's completion/failure.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "pubSub": { + "description": "Publish a notification to a pubsub topic.", + "properties": { + "topicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}.\n\nAllowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "publishFindingsToCloudDataCatalog": { + "description": "Publish findings to Cloud Datahub.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "publishSummaryToCscc": { + "description": "Publish summary to Cloud Security Command Center (Alpha).", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "publishToStackdriver": { + "description": "Enable Stackdriver metric dlp.googleapis.com/finding_count.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "saveFindings": { + "description": "Save resulting findings in a provided location.", + "properties": { + "outputConfig": { + "description": "Location to store findings outside of DLP.", + "properties": { + "dlpStorage": { + "description": "Store findings directly to DLP. If neither this or bigquery is chosen only summary stats of total infotype count will be stored. Quotes will not be stored to dlp findings. If quotes are needed, store to BigQuery. Currently only for inspect jobs.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "outputSchema": { + "description": "Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the `Finding` object. If appending to an existing table, any columns from the predefined schema that are missing will be added. No columns in the existing table will be deleted. If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, BIG_QUERY_COLUMNS, ALL_COLUMNS", + "type": "string" + }, + "table": { + "description": "Store findings in an existing table or a new table in an existing dataset. If table_id is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the `Finding` object. For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table.", + "properties": { + "datasetRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Dataset ID of the table.\n\nAllowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tableRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Name of the table.\n\nAllowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "inspectConfig": { + "description": "How and what to scan for.", + "properties": { + "customInfoTypes": { + "description": "CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.", + "items": { + "properties": { + "detectionRules": { + "description": "Set of detection rules to apply to all findings of this CustomInfoType. Rules are applied in order that they are specified. Not supported for the `surrogate_type` CustomInfoType.", + "items": { + "properties": { + "hotwordRule": { + "description": "Hotword-based detection rule.", + "properties": { + "hotwordRegex": { + "description": "Regular expression pattern defining what qualifies as a hotword.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "likelihoodAdjustment": { + "description": "Likelihood adjustment to apply to all matching findings.", + "properties": { + "fixedLikelihood": { + "description": "Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "relativeLikelihood": { + "description": "Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "proximity": { + "description": "Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex \"(d{3}) d{3}-d{4}\" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex \"(xxx)\", where \"xxx\" is the area code in question.", + "properties": { + "windowAfter": { + "description": "Number of characters after the finding to consider.", + "format": "int64", + "type": "integer" + }, + "windowBefore": { + "description": "Number of characters before the finding to consider.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dictionary": { + "description": "A list of phrases to detect as a CustomInfoType.", + "properties": { + "cloudStoragePath": { + "description": "Newline-delimited file of words in Cloud Storage. Only a single file is accepted.", + "properties": { + "path": { + "description": "A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wordList": { + "description": "List of words or phrases to search for.", + "properties": { + "words": { + "description": "Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "exclusionType": { + "description": "If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE", + "type": "string" + }, + "infoType": { + "description": "CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing infoTypes and that infoType is specified in `InspectContent.info_types` field. Specifying the latter adds findings to the one detected by the system. If built-in info type is not specified in `InspectContent.info_types` list then the name is treated as a custom info type.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + }, + "version": { + "description": "Optional version name for this InfoType.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "likelihood": { + "description": "Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria specified by the rule. Defaults to `VERY_LIKELY` if not specified. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "regex": { + "description": "Regular expression based CustomInfoType.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "storedType": { + "description": "Load an existing `StoredInfoType` resource for use in `InspectDataSource`. Not currently supported in `InspectContent`.", + "properties": { + "createTime": { + "description": "Timestamp indicating when the version of the `StoredInfoType` used for inspection was created. Output-only field, populated by the system.", + "format": "date-time", + "type": "string" + }, + "nameRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`.\n\nAllowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "surrogateType": { + "description": "Message for detecting output from deidentification transformations that support reversing.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "excludeInfoTypes": { + "description": "When true, excludes type information of the findings. This is not used for data profiling.", + "type": "boolean" + }, + "includeQuote": { + "description": "When true, a contextual quote from the data that triggered a finding is included in the response; see Finding.quote. This is not used for data profiling.", + "type": "boolean" + }, + "infoTypes": { + "description": "Restricts what info_types to look for. The values must correspond to InfoType values returned by ListInfoTypes or listed at https://cloud.google.com/dlp/docs/infotypes-reference. When no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run. By default this may be all types, but may change over time as detectors are updated. If you need precise control and predictability as to what detectors are run you should specify specific InfoTypes listed in the reference, otherwise a default list will be used, which may change over time.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "limits": { + "description": "Configuration to control the number of findings returned. This is not used for data profiling.", + "properties": { + "maxFindingsPerInfoType": { + "description": "Configuration of findings limit given for specified infoTypes.", + "items": { + "properties": { + "infoType": { + "description": "Type of information the findings limit applies to. Only one limit per info_type should be provided. If InfoTypeLimit does not have an info_type, the DLP API applies the limit against all info_types that are found but not specified in another InfoTypeLimit.", + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + }, + "version": { + "description": "Optional version name for this InfoType.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxFindings": { + "description": "Max findings limit for the given infoType.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "maxFindingsPerItem": { + "description": "Max number of findings that will be returned for each item scanned. When set within `InspectJobConfig`, the maximum returned is 2000 regardless if this is set higher. When set within `InspectContentRequest`, this field is ignored.", + "format": "int64", + "type": "integer" + }, + "maxFindingsPerRequest": { + "description": "Max number of findings that will be returned per request/job. When set within `InspectContentRequest`, the maximum returned is 2000 regardless if this is set higher.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minLikelihood": { + "description": "Only returns findings equal or above this threshold. The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "ruleSet": { + "description": "Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end, other rules are executed in the order they are specified for each info type.", + "items": { + "properties": { + "infoTypes": { + "description": "List of infoTypes this rule set is applied to.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + }, + "version": { + "description": "Optional version name for this InfoType.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "rules": { + "description": "Set of rules to be applied to infoTypes. The rules are applied in order.", + "items": { + "properties": { + "exclusionRule": { + "description": "Exclusion rule.", + "properties": { + "dictionary": { + "description": "Dictionary which defines the rule.", + "properties": { + "cloudStoragePath": { + "description": "Newline-delimited file of words in Cloud Storage. Only a single file is accepted.", + "properties": { + "path": { + "description": "A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "wordList": { + "description": "List of words or phrases to search for.", + "properties": { + "words": { + "description": "Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "excludeInfoTypes": { + "description": "Set of infoTypes for which findings would affect this rule.", + "properties": { + "infoTypes": { + "description": "InfoType list in ExclusionRule rule drops a finding when it overlaps or contained within with a finding of an infoType from this list. For example, for `InspectionRuleSet.info_types` containing \"PHONE_NUMBER\"` and `exclusion_rule` containing `exclude_info_types.info_types` with \"EMAIL_ADDRESS\" the phone number findings are dropped if they overlap with EMAIL_ADDRESS finding. That leads to \"555-222-2222@example.org\" to generate only a single finding, namely email address.", + "items": { + "properties": { + "name": { + "description": "Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`.", + "type": "string" + }, + "version": { + "description": "Optional version name for this InfoType.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "matchingType": { + "description": "How the rule is applied, see MatchingType documentation for details. Possible values: MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH", + "type": "string" + }, + "regex": { + "description": "Regular expression which defines the rule.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hotwordRule": { + "properties": { + "hotwordRegex": { + "description": "Regular expression pattern defining what qualifies as a hotword.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "likelihoodAdjustment": { + "description": "Likelihood adjustment to apply to all matching findings.", + "properties": { + "fixedLikelihood": { + "description": "Set the likelihood of a finding to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY", + "type": "string" + }, + "relativeLikelihood": { + "description": "Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be `POSSIBLE` without the detection rule and `relative_likelihood` is 1, then it is upgraded to `LIKELY`, while a value of -1 would downgrade it to `UNLIKELY`. Likelihood may never drop below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is `VERY_LIKELY` will result in a final likelihood of `LIKELY`.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "proximity": { + "description": "Proximity of the finding within which the entire hotword must reside. The total length of the window cannot exceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be used to match substrings of the finding itself. For example, the certainty of a phone number regex \"(d{3}) d{3}-d{4}\" could be adjusted upwards if the area code is known to be the local area code of a company office using the hotword regex \"(xxx)\", where \"xxx\" is the area code in question.", + "properties": { + "windowAfter": { + "description": "Number of characters after the finding to consider.", + "format": "int64", + "type": "integer" + }, + "windowBefore": { + "description": "Number of characters before the finding to consider.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "inspectTemplateRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template.\n\nAllowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "storageConfig": { + "description": "The data to scan.", + "properties": { + "bigQueryOptions": { + "description": "BigQuery options.", + "properties": { + "excludedFields": { + "description": "References to fields excluded from scanning. This allows you to skip inspection of entire columns which you know have no findings.", + "items": { + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "identifyingFields": { + "description": "Table fields that may uniquely identify a row within the table. When `actions.saveFindings.outputConfig.table` is specified, the values of columns specified here are available in the output table under `location.content_locations.record_location.record_key.id_values`. Nested fields such as `person.birthdate.year` are allowed.", + "items": { + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "includedFields": { + "description": "Limit scanning only to these fields.", + "items": { + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "rowsLimit": { + "description": "Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted. If not set, or if set to 0, all rows will be scanned. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.", + "format": "int64", + "type": "integer" + }, + "rowsLimitPercent": { + "description": "Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of rows_limit and rows_limit_percent can be specified. Cannot be used in conjunction with TimespanConfig.", + "format": "int64", + "type": "integer" + }, + "sampleMethod": { + "description": " Possible values: SAMPLE_METHOD_UNSPECIFIED, TOP, RANDOM_START", + "type": "string" + }, + "tableReference": { + "description": "Complete BigQuery table reference.", + "properties": { + "datasetRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Dataset ID of the table.\n\nAllowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tableRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Name of the table.\n\nAllowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tableReference" + ], + "type": "object", + "additionalProperties": false + }, + "cloudStorageOptions": { + "description": "Google Cloud Storage options.", + "properties": { + "bytesLimitPerFile": { + "description": "Max number of bytes to scan from a file. If a scanned file's size is bigger than this value then the rest of the bytes are omitted. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. Cannot be set if de-identification is requested.", + "format": "int64", + "type": "integer" + }, + "bytesLimitPerFilePercent": { + "description": "Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of bytes_limit_per_file and bytes_limit_per_file_percent can be specified. Cannot be set if de-identification is requested.", + "format": "int64", + "type": "integer" + }, + "fileSet": { + "description": "The set of one or more files to scan.", + "properties": { + "regexFileSet": { + "description": "The regex-filtered set of files to scan. Exactly one of `url` or `regex_file_set` must be set.", + "properties": { + "bucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The name of a Cloud Storage bucket. Required.\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "excludeRegex": { + "description": "A list of regular expressions matching file paths to exclude. All files in the bucket that match at least one of these regular expressions will be excluded from the scan. Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includeRegex": { + "description": "A list of regular expressions matching file paths to include. All files in the bucket that match at least one of these regular expressions will be included in the set of files, except for those that also match an item in `exclude_regex`. Leaving this field empty will match all files by default (this is equivalent to including `.*` in the list). Regular expressions use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); a guide can be found under the google/re2 repository on GitHub.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "bucketRef" + ], + "type": "object", + "additionalProperties": false + }, + "url": { + "description": "The Cloud Storage url of the file(s) to scan, in the format `gs:///`. Trailing wildcard in the path is allowed. If the url ends in a trailing slash, the bucket or directory represented by the url will be scanned non-recursively (content in sub-directories will not be scanned). This means that `gs://mybucket/` is equivalent to `gs://mybucket/*`, and `gs://mybucket/directory/` is equivalent to `gs://mybucket/directory/*`. Exactly one of `url` or `regex_file_set` must be set.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "fileTypes": { + "description": "List of file type groups to include in the scan. If empty, all files are scanned and available data format processors are applied. In addition, the binary content of the selected files is always scanned as well. Images are scanned only as binary if the specified region does not support image inspection and no file_types were specified. Image inspection is restricted to 'global', 'us', 'asia', and 'europe'.", + "items": { + "type": "string" + }, + "type": "array" + }, + "filesLimitPercent": { + "description": "Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down. Must be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0.", + "format": "int64", + "type": "integer" + }, + "sampleMethod": { + "description": " Possible values: SAMPLE_METHOD_UNSPECIFIED, TOP, RANDOM_START", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "datastoreOptions": { + "description": "Google Cloud Datastore options.", + "properties": { + "kind": { + "description": "The kind to process.", + "properties": { + "name": { + "description": "The name of the kind.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "partitionId": { + "description": "A partition ID identifies a grouping of entities. The grouping is always by project namespace ID may be empty.", + "properties": { + "namespaceId": { + "description": "If not empty, the ID of the namespace to which the entities belong.", + "type": "string" + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The ID of the project to which the entities belong.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hybridOptions": { + "description": "Hybrid inspection options.", + "properties": { + "description": { + "description": "A short description of where the data is coming from. Will be stored once in the job. 256 max length.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "To organize findings, these labels will be added to each finding. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label values must be between 0 and 63 characters long and must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. No more than 10 labels can be associated with a given finding. Examples: * `\"environment\" : \"production\"` * `\"pipeline\" : \"etl\"`", + "type": "object" + }, + "requiredFindingLabelKeys": { + "description": "These are labels that each inspection request must include within their 'finding_labels' map. Request may contain others, but any missing one of these will be rejected. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can be required.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tableOptions": { + "description": "If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.", + "properties": { + "identifyingFields": { + "description": "The columns that are the primary keys for table objects included in ContentItem. A copy of this cell's value will stored alongside alongside each finding so that the finding can be traced to the specific row it came from. No more than 3 may be provided.", + "items": { + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timespanConfig": { + "properties": { + "enableAutoPopulationOfTimespanConfig": { + "description": "When the job is started by a JobTrigger we will automatically figure out a valid start_time to avoid scanning files that have not been modified since the last time the JobTrigger executed. This will be based on the time of the execution of the last run of the JobTrigger.", + "type": "boolean" + }, + "endTime": { + "description": "Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.", + "format": "date-time", + "type": "string" + }, + "startTime": { + "description": "Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.", + "format": "date-time", + "type": "string" + }, + "timestampField": { + "description": "Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery. For BigQuery: If this value is not specified and the table was modified between the given start and end times, the entire table will be scanned. If this value is specified, then rows are filtered based on the given start and end times. Rows with a `NULL` value in the provided BigQuery column are skipped. Valid data types of the provided BigQuery column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. For Datastore: If this value is specified, then entities are filtered based on the given start and end times. If an entity does not contain the provided timestamp property or contains empty or invalid values, then it is included. Valid data types of the provided timestamp property are: `TIMESTAMP`.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "storageConfig" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "status": { + "description": "Immutable. Required. A status for this trigger. Possible values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED", + "type": "string" + }, + "triggers": { + "description": "A list of triggers which will be OR'ed together. Only one in the list needs to trigger for a job to be started. The list may contain only a single Schedule trigger and must have at least one object.", + "items": { + "properties": { + "manual": { + "description": "For use with hybrid jobs. Jobs must be manually created and finished.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "schedule": { + "description": "Create a job on a repeating basis based on the elapse of time.", + "properties": { + "recurrencePeriodDuration": { + "description": "With this option a job is started a regular periodic basis. For example: every day (86400 seconds). A scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs. This value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "inspectJob", + "projectRef", + "status", + "triggers" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of a triggeredJob.", + "format": "date-time", + "type": "string" + }, + "errors": { + "description": "Output only. A stream of errors encountered when the trigger was activated. Repeated errors may result in the JobTrigger automatically being paused. Will return the last 100 errors. Whenever the JobTrigger is modified this list will be cleared.", + "items": { + "properties": { + "details": { + "description": "Detailed error codes and messages.", + "properties": { + "code": { + "description": "The status code, which should be an enum value of google.rpc.Code.", + "format": "int64", + "type": "integer" + }, + "details": { + "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.", + "items": { + "properties": { + "typeUrl": { + "description": "A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL's path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.", + "type": "string" + }, + "value": { + "description": "Must be a valid serialized protocol buffer of the above specified type.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "message": { + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "timestamps": { + "description": "The times the error occurred.", + "items": { + "format": "date-time", + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "lastRunTime": { + "description": "Output only. The timestamp of the last time this trigger executed.", + "format": "date-time", + "type": "string" + }, + "locationId": { + "description": "Output only. The geographic location where this resource is stored.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of a triggeredJob.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dlp.cnrm.cloud.google.com/dlpstoredinfotype_v1beta1.json b/dlp.cnrm.cloud.google.com/dlpstoredinfotype_v1beta1.json new file mode 100644 index 00000000..b3534aa9 --- /dev/null +++ b/dlp.cnrm.cloud.google.com/dlpstoredinfotype_v1beta1.json @@ -0,0 +1,457 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "organizationRef" + ] + }, + { + "required": [ + "projectRef" + ] + } + ], + "properties": { + "description": { + "description": "Description of the StoredInfoType (max 256 characters).", + "type": "string" + }, + "dictionary": { + "description": "Store dictionary-based CustomInfoType.", + "properties": { + "cloudStoragePath": { + "description": "Newline-delimited file of words in Cloud Storage. Only a single file is accepted.", + "properties": { + "path": { + "description": "A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "wordList": { + "description": "List of words or phrases to search for.", + "properties": { + "words": { + "description": "Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. [required]", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "words" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "Display name of the StoredInfoType (max 256 characters).", + "type": "string" + }, + "largeCustomDictionary": { + "description": "StoredInfoType where findings are defined by a dictionary of phrases.", + "properties": { + "bigQueryField": { + "description": "Field in a BigQuery table where each cell represents a dictionary phrase.", + "properties": { + "field": { + "description": "Designated field in the BigQuery table.", + "properties": { + "name": { + "description": "Name describing the field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "table": { + "description": "Source table of the field.", + "properties": { + "datasetRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Dataset ID of the table.\n\nAllowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tableRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Name of the table.\n\nAllowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cloudStorageFileSet": { + "description": "Set of files containing newline-delimited lists of dictionary phrases.", + "properties": { + "url": { + "description": "The url, in the format `gs:///`. Trailing wildcard in the path is allowed.", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "outputPath": { + "description": "Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API. If any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.", + "properties": { + "path": { + "description": "A url representing a file or path (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource", + "type": "string" + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "regex": { + "description": "Store regular expression-based StoredInfoType.", + "properties": { + "groupIndexes": { + "description": "The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "pattern": { + "description": "Pattern defining the regular expression. Its syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.", + "type": "string" + } + }, + "required": [ + "pattern" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/dns.cnrm.cloud.google.com/dnsmanagedzone_v1beta1.json b/dns.cnrm.cloud.google.com/dnsmanagedzone_v1beta1.json new file mode 100644 index 00000000..b9189cd4 --- /dev/null +++ b/dns.cnrm.cloud.google.com/dnsmanagedzone_v1beta1.json @@ -0,0 +1,419 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "cloudLoggingConfig": { + "description": "Cloud logging configuration.", + "properties": { + "enableLogging": { + "description": "If set, enable query logging for this ManagedZone. False by default, making logging opt-in.", + "type": "boolean" + } + }, + "required": [ + "enableLogging" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "A textual description field. Defaults to 'Managed by Config Connector'.", + "type": "string" + }, + "dnsName": { + "description": "Immutable. The DNS name of this managed zone, for instance \"example.com.\".", + "type": "string" + }, + "dnssecConfig": { + "description": "DNSSEC configuration.", + "properties": { + "defaultKeySpecs": { + "description": "Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.", + "items": { + "properties": { + "algorithm": { + "description": "String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"].", + "type": "string" + }, + "keyLength": { + "description": "Length of the keys in bits.", + "type": "integer" + }, + "keyType": { + "description": "Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"].", + "type": "string" + }, + "kind": { + "description": "Identifies what kind of resource this is.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "kind": { + "description": "Identifies what kind of resource this is.", + "type": "string" + }, + "nonExistence": { + "description": "Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"].", + "type": "string" + }, + "state": { + "description": "Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "forwardingConfig": { + "description": "The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.", + "properties": { + "targetNameServers": { + "description": "List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.", + "items": { + "properties": { + "forwardingPath": { + "description": "Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"].", + "type": "string" + }, + "ipv4Address": { + "description": "IPv4 address of a target name server.", + "type": "string" + } + }, + "required": [ + "ipv4Address" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "targetNameServers" + ], + "type": "object", + "additionalProperties": false + }, + "peeringConfig": { + "description": "The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.", + "properties": { + "targetNetwork": { + "description": "The network with which to peer.", + "properties": { + "networkRef": { + "description": "VPC network to forward queries to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "networkRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "targetNetwork" + ], + "type": "object", + "additionalProperties": false + }, + "privateVisibilityConfig": { + "description": "For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.", + "properties": { + "gkeClusters": { + "description": "The list of Google Kubernetes Engine clusters that can see this zone.", + "items": { + "properties": { + "gkeClusterNameRef": { + "description": "The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "gkeClusterNameRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "networks": { + "items": { + "properties": { + "networkRef": { + "description": "VPC network to bind to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "networkRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "reverseLookup": { + "description": "Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse\nlookup queries using automatically configured records for VPC resources. This only applies\nto networks listed under 'private_visibility_config'.", + "type": "boolean" + }, + "serviceDirectoryConfig": { + "description": "Immutable. The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone.", + "properties": { + "namespace": { + "description": "The namespace associated with the zone.", + "properties": { + "namespaceUrl": { + "description": "The fully qualified or partial URL of the service directory namespace that should be\nassociated with the zone. This should be formatted like\n'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}'\nor simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}'\nIgnored for 'public' visibility zones.", + "type": "string" + } + }, + "required": [ + "namespaceUrl" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "namespace" + ], + "type": "object", + "additionalProperties": false + }, + "visibility": { + "description": "Immutable. The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"].", + "type": "string" + } + }, + "required": [ + "dnsName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTime": { + "description": "The time that this resource was created on the server.\nThis is in RFC3339 text format.", + "type": "string" + }, + "managedZoneId": { + "description": "Unique identifier for the resource; defined by the server.", + "type": "integer" + }, + "nameServers": { + "description": "Delegate your managed_zone to these virtual name servers;\ndefined by the server.", + "items": { + "type": "string" + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/dns.cnrm.cloud.google.com/dnspolicy_v1beta1.json b/dns.cnrm.cloud.google.com/dnspolicy_v1beta1.json new file mode 100644 index 00000000..4a818f4a --- /dev/null +++ b/dns.cnrm.cloud.google.com/dnspolicy_v1beta1.json @@ -0,0 +1,172 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "alternativeNameServerConfig": { + "description": "Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.", + "properties": { + "targetNameServers": { + "description": "Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.", + "items": { + "properties": { + "forwardingPath": { + "description": "Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"].", + "type": "string" + }, + "ipv4Address": { + "description": "IPv4 address to forward to.", + "type": "string" + } + }, + "required": [ + "ipv4Address" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "targetNameServers" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "A textual description field. Defaults to 'Managed by Config Connector'.", + "type": "string" + }, + "enableInboundForwarding": { + "description": "Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.", + "type": "boolean" + }, + "enableLogging": { + "description": "Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.", + "type": "boolean" + }, + "networks": { + "description": "List of network names specifying networks to which this policy is applied.", + "items": { + "properties": { + "networkRef": { + "description": "VPC network to bind to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "networkRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/dns.cnrm.cloud.google.com/dnsrecordset_v1beta1.json b/dns.cnrm.cloud.google.com/dnsrecordset_v1beta1.json new file mode 100644 index 00000000..dbec1600 --- /dev/null +++ b/dns.cnrm.cloud.google.com/dnsrecordset_v1beta1.json @@ -0,0 +1,212 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "rrdatas" + ] + }, + { + "required": [ + "rrdatasRefs" + ] + } + ], + "properties": { + "managedZoneRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `DNSManagedZone` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Immutable. The DNS name this record set will apply to.", + "type": "string" + }, + "rrdatas": { + "description": "DEPRECATED. Although this field is still available, there is limited support. We recommend that you use `spec.rrdatasRefs` instead.", + "items": { + "type": "string" + }, + "type": "array" + }, + "rrdatasRefs": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name", + "kind" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "kind" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. Allowed values: ComputeAddress", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ttl": { + "description": "The time-to-live of this record set (seconds).", + "type": "integer" + }, + "type": { + "description": "The DNS record set type.", + "type": "string" + } + }, + "required": [ + "managedZoneRef", + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/edgecontainer.cnrm.cloud.google.com/edgecontainercluster_v1beta1.json b/edgecontainer.cnrm.cloud.google.com/edgecontainercluster_v1beta1.json new file mode 100644 index 00000000..6cd210e4 --- /dev/null +++ b/edgecontainer.cnrm.cloud.google.com/edgecontainercluster_v1beta1.json @@ -0,0 +1,598 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "authorization": { + "description": "Immutable. RBAC policy that will be applied and managed by GEC.", + "properties": { + "adminUsers": { + "description": "User that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster. Currently, this is a singular field, but will\nbe expanded to allow multiple admins in the future.", + "properties": { + "usernameRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "usernameRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "adminUsers" + ], + "type": "object", + "additionalProperties": false + }, + "controlPlane": { + "description": "The configuration of the cluster control plane.", + "properties": { + "local": { + "description": "Immutable. Local control plane configuration.", + "properties": { + "machineFilter": { + "description": "Only machines matching this filter will be allowed to host control\nplane nodes. The filtering language accepts strings like \"name=\",\nand is documented here: [AIP-160](https://google.aip.dev/160).", + "type": "string" + }, + "nodeCount": { + "description": "The number of nodes to serve as replicas of the Control Plane.\nOnly 1 and 3 are supported.", + "type": "integer" + }, + "nodeLocation": { + "description": "Immutable. Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.", + "type": "string" + }, + "sharedDeploymentPolicy": { + "description": "Policy configuration about how user applications are deployed. Possible values: [\"SHARED_DEPLOYMENT_POLICY_UNSPECIFIED\", \"ALLOWED\", \"DISALLOWED\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "remote": { + "description": "Immutable. Remote control plane configuration.", + "properties": { + "nodeLocation": { + "description": "Immutable. Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "controlPlaneEncryption": { + "description": "Remote control plane disk encryption options. This field is only used when\nenabling CMEK support.", + "properties": { + "kmsKeyActiveVersion": { + "description": "The Cloud KMS CryptoKeyVersion currently in use for protecting control\nplane disks. Only applicable if kms_key is set.", + "type": "string" + }, + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyState": { + "description": "Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then\nnodes may go offline as they cannot access their local data. This can be\ncaused by a lack of permissions to use the key, or if the key is disabled\nor deleted.", + "type": "string" + }, + "kmsStatus": { + "description": "Error status returned by Cloud KMS when using this key. This field may be\npopulated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'.\nIf populated, this field contains the error status reported by Cloud KMS.", + "items": { + "properties": { + "code": { + "description": "The status code, which should be an enum value of google.rpc.Code.", + "type": "integer" + }, + "message": { + "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "defaultMaxPodsPerNode": { + "description": "The default maximum number of pods per node used if a maximum value is not\nspecified explicitly for a node pool in this cluster. If unspecified, the\nKubernetes default value will be used.", + "type": "integer" + }, + "externalLoadBalancerIpv4AddressPools": { + "description": "Address pools for cluster data plane external load balancing.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fleet": { + "description": "Immutable. Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.", + "properties": { + "membership": { + "description": "The name of the managed Hub Membership resource associated to this cluster.\nMembership names are formatted as\n'projects//locations/global/membership/'.", + "type": "string" + }, + "projectRef": { + "description": "The number of the Fleet host project where this cluster will be registered.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource.", + "type": "string" + }, + "maintenancePolicy": { + "description": "Cluster-wide maintenance policy configuration.", + "properties": { + "window": { + "description": "Specifies the maintenance window in which maintenance may be performed.", + "properties": { + "recurringWindow": { + "description": "Represents an arbitrary window of time that recurs.", + "properties": { + "recurrence": { + "description": "An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how\nthis window recurs. They go on for the span of time between the start and\nend time.", + "type": "string" + }, + "window": { + "description": "Represents an arbitrary window of time.", + "properties": { + "endTime": { + "description": "The time that the window ends. The end time must take place after the\nstart time.", + "type": "string" + }, + "startTime": { + "description": "The time that the window first starts.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "recurringWindow" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "window" + ], + "type": "object", + "additionalProperties": false + }, + "networking": { + "description": "Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.", + "properties": { + "clusterIpv4CidrBlocks": { + "description": "Immutable. All pods in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.", + "items": { + "type": "string" + }, + "type": "array" + }, + "clusterIpv6CidrBlocks": { + "description": "Immutable. If specified, dual stack mode is enabled and all pods in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.", + "items": { + "type": "string" + }, + "type": "array" + }, + "networkType": { + "description": "IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6.", + "type": "string" + }, + "servicesIpv4CidrBlocks": { + "description": "Immutable. All services in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.", + "items": { + "type": "string" + }, + "type": "array" + }, + "servicesIpv6CidrBlocks": { + "description": "Immutable. If specified, dual stack mode is enabled and all services in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "clusterIpv4CidrBlocks", + "servicesIpv4CidrBlocks" + ], + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "releaseChannel": { + "description": "The release channel a cluster is subscribed to. Possible values: [\"RELEASE_CHANNEL_UNSPECIFIED\", \"NONE\", \"REGULAR\"].", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "systemAddonsConfig": { + "description": "Config that customers are allowed to define for GDCE system add-ons.", + "properties": { + "ingress": { + "description": "Config for the Ingress add-on which allows customers to create an Ingress\nobject to manage external access to the servers in a cluster. The add-on\nconsists of istiod and istio-ingress.", + "properties": { + "disabled": { + "description": "Whether Ingress is disabled.", + "type": "boolean" + }, + "ipv4Vip": { + "description": "Ingress VIP.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "targetVersion": { + "description": "The target cluster version. For example: \"1.5.0\".", + "type": "string" + } + }, + "required": [ + "authorization", + "fleet", + "location", + "networking", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "clusterCaCertificate": { + "description": "The PEM-encoded public certificate of the cluster's CA.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "controlPlaneVersion": { + "description": "The control plane release version.", + "type": "string" + }, + "createTime": { + "description": "The time the cluster was created, in RFC3339 text format.", + "type": "string" + }, + "endpoint": { + "description": "The IP address of the Kubernetes API server.", + "type": "string" + }, + "maintenanceEvents": { + "description": "All the maintenance events scheduled for the cluster, including the ones\nongoing, planned for the future and done in the past (up to 90 days).", + "items": { + "properties": { + "createTime": { + "description": "The time when the maintenance event request was created.", + "type": "string" + }, + "endTime": { + "description": "The time when the maintenance event ended, either successfully or not. If\nthe maintenance event is split into multiple maintenance windows,\nend_time is only updated when the whole flow ends.", + "type": "string" + }, + "operation": { + "description": "The operation for running the maintenance event. Specified in the format\nprojects/*/locations/*/operations/*. If the maintenance event is split\ninto multiple operations (e.g. due to maintenance windows), the latest\none is recorded.", + "type": "string" + }, + "schedule": { + "description": "The schedule of the maintenance event.", + "type": "string" + }, + "startTime": { + "description": "The time when the maintenance event started.", + "type": "string" + }, + "state": { + "description": "Indicates the maintenance event state.", + "type": "string" + }, + "targetVersion": { + "description": "The target version of the cluster.", + "type": "string" + }, + "type": { + "description": "Indicates the maintenance event type.", + "type": "string" + }, + "updateTime": { + "description": "The time when the maintenance event message was updated.", + "type": "string" + }, + "uuid": { + "description": "UUID of the maintenance event.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "nodeVersion": { + "description": "The lowest release version among all worker nodes. This field can be empty\nif the cluster does not have any worker nodes.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "port": { + "description": "The port number of the Kubernetes API server.", + "type": "integer" + }, + "status": { + "description": "Indicates the status of the cluster.", + "type": "string" + }, + "updateTime": { + "description": "The time the cluster was last updated, in RFC3339 text format.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/edgecontainer.cnrm.cloud.google.com/edgecontainernodepool_v1beta1.json b/edgecontainer.cnrm.cloud.google.com/edgecontainernodepool_v1beta1.json new file mode 100644 index 00000000..f7b14967 --- /dev/null +++ b/edgecontainer.cnrm.cloud.google.com/edgecontainernodepool_v1beta1.json @@ -0,0 +1,281 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `EdgeContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "localDiskEncryption": { + "description": "Local disk encryption options. This field is only used when enabling CMEK support.", + "properties": { + "kmsKeyActiveVersion": { + "description": "The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set.", + "type": "string" + }, + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kmsKeyState": { + "description": "Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data.\nThis can be caused by a lack of permissions to use the key, or if the key is disabled or deleted.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource.", + "type": "string" + }, + "machineFilter": { + "description": "Only machines matching this filter will be allowed to join the node pool.\nThe filtering language accepts strings like \"name=\", and is\ndocumented in more detail in [AIP-160](https://google.aip.dev/160).", + "type": "string" + }, + "nodeConfig": { + "description": "Configuration for each node in the NodePool.", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "\"The Kubernetes node labels\".", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeCount": { + "description": "The number of nodes in the pool.", + "type": "integer" + }, + "nodeLocation": { + "description": "Immutable. Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: 'us-central1-edge-customer-a'.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "clusterRef", + "location", + "nodeCount", + "nodeLocation", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the node pool was created.", + "type": "string" + }, + "nodeVersion": { + "description": "The lowest release version among all worker nodes.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "The time when the node pool was last updated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/edgecontainer.cnrm.cloud.google.com/edgecontainervpnconnection_v1beta1.json b/edgecontainer.cnrm.cloud.google.com/edgecontainervpnconnection_v1beta1.json new file mode 100644 index 00000000..ad57afe3 --- /dev/null +++ b/edgecontainer.cnrm.cloud.google.com/edgecontainervpnconnection_v1beta1.json @@ -0,0 +1,258 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `EdgeContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "enableHighAvailability": { + "description": "Immutable. Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs.", + "type": "boolean" + }, + "location": { + "description": "Immutable. Google Cloud Platform location.", + "type": "string" + }, + "natGatewayIp": { + "description": "Immutable. NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster.\nThis is empty if NAT is not used.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "router": { + "description": "The VPN connection Cloud Router name.", + "type": "string" + }, + "vpc": { + "description": "Immutable. The network ID of VPC to connect to.", + "type": "string" + }, + "vpcProject": { + "description": "Project detail of the VPC network. Required if VPC is in a different project than the cluster project.", + "properties": { + "projectId": { + "description": "Immutable. The project of the VPC to connect to. If not specified, it is the same as the cluster project.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clusterRef", + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the VPN connection was created.", + "type": "string" + }, + "details": { + "description": "A nested object resource.", + "items": { + "properties": { + "cloudRouter": { + "description": "The Cloud Router info.", + "items": { + "properties": { + "name": { + "description": "The associated Cloud Router name.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "cloudVpns": { + "description": "Each connection has multiple Cloud VPN gateways.", + "items": { + "properties": { + "gateway": { + "description": "The created Cloud VPN gateway name.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "error": { + "description": "The error message. This is only populated when state=ERROR.", + "type": "string" + }, + "state": { + "description": "The current connection state.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "The time when the VPN connection was last updated.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/edgenetwork.cnrm.cloud.google.com/edgenetworknetwork_v1beta1.json b/edgenetwork.cnrm.cloud.google.com/edgenetworknetwork_v1beta1.json new file mode 100644 index 00000000..6b8b9d51 --- /dev/null +++ b/edgenetwork.cnrm.cloud.google.com/edgenetworknetwork_v1beta1.json @@ -0,0 +1,152 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "location": { + "description": "Immutable. The Google Cloud region to which the target Distributed Cloud Edge zone belongs.", + "type": "string" + }, + "mtu": { + "description": "Immutable. IP (L3) MTU value of the network. Default value is '1500'. Possible values are: '1500', '9000'.", + "type": "integer" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The networkId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "zone": { + "description": "Immutable. The name of the target Distributed Cloud Edge zone.", + "type": "string" + } + }, + "required": [ + "location", + "projectRef", + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.", + "type": "string" + }, + "name": { + "description": "The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/edgenetwork.cnrm.cloud.google.com/edgenetworksubnet_v1beta1.json b/edgenetwork.cnrm.cloud.google.com/edgenetworksubnet_v1beta1.json new file mode 100644 index 00000000..d0789247 --- /dev/null +++ b/edgenetwork.cnrm.cloud.google.com/edgenetworksubnet_v1beta1.json @@ -0,0 +1,220 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "ipv4Cidr": { + "description": "Immutable. The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipv6Cidr": { + "description": "Immutable. The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format.", + "items": { + "type": "string" + }, + "type": "array" + }, + "location": { + "description": "Immutable. The Google Cloud region to which the target Distributed Cloud Edge zone belongs.", + "type": "string" + }, + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `EdgeNetworkNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The subnetId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "vlanId": { + "description": "Immutable. VLAN ID for this subnetwork. If not specified, one is assigned automatically.", + "type": "integer" + }, + "zone": { + "description": "Immutable. The name of the target Distributed Cloud Edge zone.", + "type": "string" + } + }, + "required": [ + "location", + "networkRef", + "projectRef", + "zone" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.", + "type": "string" + }, + "name": { + "description": "The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Current stage of the resource to the device by config push.", + "type": "string" + }, + "updateTime": { + "description": "The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/eventarc.cnrm.cloud.google.com/eventarctrigger_v1beta1.json b/eventarc.cnrm.cloud.google.com/eventarctrigger_v1beta1.json new file mode 100644 index 00000000..fad59b0b --- /dev/null +++ b/eventarc.cnrm.cloud.google.com/eventarctrigger_v1beta1.json @@ -0,0 +1,614 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "channelRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.", + "type": "string" + }, + "name": { + "description": "[WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "destination": { + "description": "Required. Destination specifies where the events should be sent to.", + "properties": { + "cloudFunctionRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "[WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function}\n\nAllowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "cloudRunService": { + "description": "Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.", + "properties": { + "path": { + "description": "Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".", + "type": "string" + }, + "region": { + "description": "Required. The region the Cloud Run service is deployed in.", + "type": "string" + }, + "serviceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.\n\nAllowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "region", + "serviceRef" + ], + "type": "object", + "additionalProperties": false + }, + "gke": { + "description": "A GKE service capable of receiving events. The service should be running in the same project as the trigger.", + "properties": { + "clusterRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.\n\nAllowed value: The `selfLink` field of a `ContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.", + "type": "string" + }, + "namespace": { + "description": "Required. The namespace the GKE service is running in.", + "type": "string" + }, + "path": { + "description": "Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".", + "type": "string" + }, + "service": { + "description": "Required. Name of the GKE service.", + "type": "string" + } + }, + "required": [ + "clusterRef", + "location", + "namespace", + "service" + ], + "type": "object", + "additionalProperties": false + }, + "workflowRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`", + "type": "string" + }, + "name": { + "description": "[WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "eventDataContentType": { + "description": "Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "matchingCriteria": { + "description": "Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.", + "items": { + "properties": { + "attribute": { + "description": "Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.", + "type": "string" + }, + "operator": { + "description": "Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.", + "type": "string" + }, + "value": { + "description": "Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.", + "type": "string" + } + }, + "required": [ + "attribute", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "transport": { + "description": "Immutable. Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.", + "properties": { + "pubsub": { + "description": "Immutable. The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.", + "properties": { + "topicRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.\n\nAllowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "destination", + "location", + "matchingCriteria", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation time.", + "format": "date-time", + "type": "string" + }, + "etag": { + "description": "Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "resourceConditions": { + "additionalProperties": { + "type": "string" + }, + "description": "Output only. The reason(s) why a trigger is in FAILED state.", + "type": "object" + }, + "transport": { + "properties": { + "pubsub": { + "properties": { + "subscription": { + "description": "Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "uid": { + "description": "Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The last-modified time.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/filestore.cnrm.cloud.google.com/filestorebackup_v1beta1.json b/filestore.cnrm.cloud.google.com/filestorebackup_v1beta1.json new file mode 100644 index 00000000..85890d56 --- /dev/null +++ b/filestore.cnrm.cloud.google.com/filestorebackup_v1beta1.json @@ -0,0 +1,215 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "sourceFileShare": { + "description": "Immutable. Name of the file share in the source Cloud Filestore instance that the backup is created from.", + "type": "string" + }, + "sourceInstanceRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup.\n\nAllowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef", + "sourceFileShare", + "sourceInstanceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "capacityGb": { + "description": "Output only. Capacity of the source file share when the backup was created.", + "format": "int64", + "type": "integer" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time when the backup was created.", + "format": "date-time", + "type": "string" + }, + "downloadBytes": { + "description": "Output only. Amount of bytes that will be downloaded if the backup is restored. This may be different than storage bytes, since sequential backups of the same disk will share storage.", + "format": "int64", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "sourceInstanceTier": { + "description": "Output only. The service tier of the source Cloud Filestore instance that this backup is created from. Possible values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD", + "type": "string" + }, + "state": { + "description": "Output only. The backup state. Possible values: STATE_UNSPECIFIED, CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING", + "type": "string" + }, + "storageBytes": { + "description": "Output only. The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/filestore.cnrm.cloud.google.com/filestoreinstance_v1beta1.json b/filestore.cnrm.cloud.google.com/filestoreinstance_v1beta1.json new file mode 100644 index 00000000..113bfc57 --- /dev/null +++ b/filestore.cnrm.cloud.google.com/filestoreinstance_v1beta1.json @@ -0,0 +1,333 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "The description of the instance (2048 characters or less).", + "type": "string" + }, + "fileShares": { + "description": "File system shares on the instance. For this version, only a single file share is supported.", + "items": { + "properties": { + "capacityGb": { + "description": "File share capacity in gigabytes (GB). Cloud Filestore defines 1 GB as 1024^3 bytes.", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "The name of the file share (must be 16 characters or less).", + "type": "string" + }, + "nfsExportOptions": { + "description": "Nfs Export Options. There is a limit of 10 export options per file share.", + "items": { + "properties": { + "accessMode": { + "description": "Either READ_ONLY, for allowing only read requests on the exported directory, or READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, READ_ONLY, READ_WRITE", + "type": "string" + }, + "anonGid": { + "description": "An integer representing the anonymous group id with a default value of 65534. Anon_gid may only be set with squash_mode of ROOT_SQUASH. An error will be returned if this field is specified for other squash_mode settings.", + "format": "int64", + "type": "integer" + }, + "anonUid": { + "description": "An integer representing the anonymous user id with a default value of 65534. Anon_uid may only be set with squash_mode of ROOT_SQUASH. An error will be returned if this field is specified for other squash_mode settings.", + "format": "int64", + "type": "integer" + }, + "ipRanges": { + "description": "List of either an IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask size}` which may mount the file share. Overlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned. The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.", + "items": { + "type": "string" + }, + "type": "array" + }, + "squashMode": { + "description": "Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH, for not allowing root access. The default is NO_ROOT_SQUASH. Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, ROOT_SQUASH", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sourceBackupRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from.\n\nAllowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "networks": { + "description": "Immutable. VPC networks to which the instance is connected. For this version, only a single network is supported.", + "items": { + "properties": { + "ipAddresses": { + "description": "Immutable. Output only. IPv4 addresses in the format `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`.", + "items": { + "type": "string" + }, + "type": "array" + }, + "modes": { + "description": "Immutable. Internet protocol versions for which the instance has IP addresses assigned. For this version, only MODE_IPV4 is supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "networkRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected.\n\nAllowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "reservedIPRange": { + "description": "Immutable. A /29 CIDR block in one of the [internal IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) that identifies the range of IP addresses reserved for this instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The range you specify can't overlap with either existing subnets or assigned IP address ranges for other Cloud Filestore instances in the selected VPC network.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "tier": { + "description": "Immutable. The service tier of the instance. Possible values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ENTERPRISE", + "type": "string" + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time when the instance was created.", + "format": "date-time", + "type": "string" + }, + "etag": { + "description": "Server-specified ETag for the instance resource to prevent simultaneous updates from overwriting each other.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. The instance state. Possible values: STATE_UNSPECIFIED, CREATING, READY, REPAIRING, DELETING, ERROR", + "type": "string" + }, + "statusMessage": { + "description": "Output only. Additional information about the instance state, if available.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/firestore.cnrm.cloud.google.com/firestoreindex_v1beta1.json b/firestore.cnrm.cloud.google.com/firestoreindex_v1beta1.json new file mode 100644 index 00000000..975dba90 --- /dev/null +++ b/firestore.cnrm.cloud.google.com/firestoreindex_v1beta1.json @@ -0,0 +1,107 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "collection": { + "description": "Immutable. The collection being indexed.", + "type": "string" + }, + "database": { + "description": "Immutable. The Firestore database id. Defaults to '\"(default)\"'.", + "type": "string" + }, + "fields": { + "description": "Immutable. The fields supported by this index. The last field entry is always for\nthe field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the\nsame direction as that of the last field defined. If the final field\nin a composite index is not directional, the '__name__' will be\nordered '\"ASCENDING\"' (unless explicitly specified otherwise).", + "items": { + "properties": { + "arrayConfig": { + "description": "Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"].", + "type": "string" + }, + "fieldPath": { + "description": "Immutable. Name of the field.", + "type": "string" + }, + "order": { + "description": "Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "queryScope": { + "description": "Immutable. The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"].", + "type": "string" + } + }, + "required": [ + "collection", + "fields" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/gkehub.cnrm.cloud.google.com/gkehubfeature_v1beta1.json b/gkehub.cnrm.cloud.google.com/gkehubfeature_v1beta1.json new file mode 100644 index 00000000..3e37db23 --- /dev/null +++ b/gkehub.cnrm.cloud.google.com/gkehubfeature_v1beta1.json @@ -0,0 +1,285 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "spec": { + "description": "Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.", + "properties": { + "fleetobservability": { + "description": "Fleet Observability spec.", + "properties": { + "loggingConfig": { + "description": "Fleet Observability Logging-specific spec.", + "properties": { + "defaultConfig": { + "description": "Specified if applying the default routing config to logs not specified in other configs.", + "properties": { + "mode": { + "description": "The logs routing mode Possible values: MODE_UNSPECIFIED, COPY, MOVE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "fleetScopeLogsConfig": { + "description": "Specified if applying the routing config to all logs for all fleet scopes.", + "properties": { + "mode": { + "description": "The logs routing mode Possible values: MODE_UNSPECIFIED, COPY, MOVE", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "multiclusteringress": { + "description": "Multicluster Ingress-specific spec.", + "properties": { + "configMembershipRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar`\n\nAllowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "configMembershipRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. When the Feature resource was created.", + "format": "date-time", + "type": "string" + }, + "deleteTime": { + "description": "Output only. When the Feature resource was deleted.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "resourceState": { + "description": "State of the Feature resource itself.", + "properties": { + "hasResources": { + "description": "Whether this Feature has outstanding resources that need to be cleaned up before it can be disabled.", + "type": "boolean" + }, + "state": { + "description": "The current state of the Feature resource in the Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, DISABLING, UPDATING, SERVICE_UPDATING", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "state": { + "description": "Output only. The Hub-wide Feature state", + "properties": { + "state": { + "description": "Output only. The \"running state\" of the Feature in this Hub.", + "properties": { + "code": { + "description": "The high-level, machine-readable status of this Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, ERROR", + "type": "string" + }, + "description": { + "description": "A human-readable description of the current status.", + "type": "string" + }, + "updateTime": { + "description": "The time this status and any related Feature-specific details were updated. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "updateTime": { + "description": "Output only. When the Feature resource was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/gkehub.cnrm.cloud.google.com/gkehubfeaturemembership_v1beta1.json b/gkehub.cnrm.cloud.google.com/gkehubfeaturemembership_v1beta1.json new file mode 100644 index 00000000..03379dc3 --- /dev/null +++ b/gkehub.cnrm.cloud.google.com/gkehubfeaturemembership_v1beta1.json @@ -0,0 +1,555 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "configmanagement": { + "description": "Config Management-specific spec.", + "properties": { + "binauthz": { + "description": "**DEPRECATED** Binauthz configuration for the cluster. This field will be ignored and should not be set.", + "properties": { + "enabled": { + "description": "Whether binauthz is enabled in this cluster.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "configSync": { + "description": "Config Sync configuration for the cluster.", + "properties": { + "git": { + "properties": { + "gcpServiceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The GCP Service Account Email used for auth when secretType is gcpServiceAccount.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpsProxy": { + "description": "URL for the HTTPS proxy to be used when communicating with the Git repo.", + "type": "string" + }, + "policyDir": { + "description": "The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.", + "type": "string" + }, + "secretType": { + "description": "Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive.", + "type": "string" + }, + "syncBranch": { + "description": "The branch of the repository to sync from. Default: master.", + "type": "string" + }, + "syncRepo": { + "description": "The URL of the Git repository to use as the source of truth.", + "type": "string" + }, + "syncRev": { + "description": "Git revision (tag or hash) to check out. Default HEAD.", + "type": "string" + }, + "syncWaitSecs": { + "description": "Period in seconds between consecutive syncs. Default: 15.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "metricsGcpServiceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.\n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "oci": { + "properties": { + "gcpServiceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. \n\nAllowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyDir": { + "description": "The absolute path of the directory that contains the local resources. Default: the root directory of the image.", + "type": "string" + }, + "secretType": { + "description": "Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive.", + "type": "string" + }, + "syncRepo": { + "description": "The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.", + "type": "string" + }, + "syncWaitSecs": { + "description": "Period in seconds(int64 format) between consecutive syncs. Default: 15.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "preventDrift": { + "description": "Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.", + "type": "boolean" + }, + "sourceFormat": { + "description": "Specifies whether the Config Sync Repo is in \"hierarchical\" or \"unstructured\" mode.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "hierarchyController": { + "description": "Hierarchy Controller configuration for the cluster.", + "properties": { + "enableHierarchicalResourceQuota": { + "description": "Whether hierarchical resource quota is enabled in this cluster.", + "type": "boolean" + }, + "enablePodTreeLabels": { + "description": "Whether pod tree labels are enabled in this cluster.", + "type": "boolean" + }, + "enabled": { + "description": "Whether Hierarchy Controller is enabled in this cluster.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyController": { + "description": "Policy Controller configuration for the cluster.", + "properties": { + "auditIntervalSeconds": { + "description": "Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.", + "type": "string" + }, + "enabled": { + "description": "Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.", + "type": "boolean" + }, + "exemptableNamespaces": { + "description": "The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.", + "items": { + "type": "string" + }, + "type": "array" + }, + "logDeniesEnabled": { + "description": "Logs all denies and dry run failures.", + "type": "boolean" + }, + "monitoring": { + "description": "Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]", + "properties": { + "backends": { + "description": " Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "mutationEnabled": { + "description": "Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.", + "type": "boolean" + }, + "referentialRulesEnabled": { + "description": "Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.", + "type": "boolean" + }, + "templateLibraryInstalled": { + "description": "Installs the default template library along with Policy Controller.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "version": { + "description": "Optional. Version of ACM to install. Defaults to the latest version.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "featureRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The name of the feature\n\nAllowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the feature", + "type": "string" + }, + "membershipLocation": { + "description": "Immutable. The location of the membership", + "type": "string" + }, + "membershipRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The name of the membership\n\nAllowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mesh": { + "description": "Manage Mesh Features", + "properties": { + "controlPlane": { + "description": "**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL", + "type": "string" + }, + "management": { + "description": "Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project of the feature\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "featureRef", + "location", + "membershipRef", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/gkehub.cnrm.cloud.google.com/gkehubmembership_v1beta1.json b/gkehub.cnrm.cloud.google.com/gkehubmembership_v1beta1.json new file mode 100644 index 00000000..e7caaa54 --- /dev/null +++ b/gkehub.cnrm.cloud.google.com/gkehubmembership_v1beta1.json @@ -0,0 +1,320 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "authority": { + "description": "Optional. How to identify workloads from this Membership. See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity", + "properties": { + "issuer": { + "description": "Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Description of this membership, limited to 63 characters. Must match the regex: `*` This field is present for legacy purposes.", + "type": "string" + }, + "endpoint": { + "description": "Optional. Endpoint information to reach this member.", + "properties": { + "gkeCluster": { + "description": "Optional. GKE-specific information. Only present if this Membership is a GKE cluster.", + "properties": { + "resourceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported.\n\nAllowed value: The `selfLink` field of a `ContainerCluster` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "kubernetesResource": { + "description": "Optional. The in-cluster Kubernetes Resources that should be applied for a correctly registered cluster, in the steady state. These resources: * Ensure that the cluster is exclusively registered to one and only one Hub Membership. * Propagate Workload Pool Information available in the Membership Authority field. * Ensure proper initial configuration of default Hub Features.", + "properties": { + "membershipCrManifest": { + "description": "Input only. The YAML representation of the Membership CR. This field is ignored for GKE clusters where Hub can read the CR directly. Callers should provide the CR that is currently present in the cluster during CreateMembership or UpdateMembership, or leave this field empty if none exists. The CR manifest is used to validate the cluster has not been registered with another Membership.", + "type": "string" + }, + "resourceOptions": { + "description": "Optional. Options for Kubernetes resource generation.", + "properties": { + "connectVersion": { + "description": "Optional. The Connect agent version to use for connect_resources. Defaults to the latest GKE Connect version. The version must be a currently supported version, obsolete versions will be rejected.", + "type": "string" + }, + "v1beta1Crd": { + "description": "Optional. Use `apiextensions/v1beta1` instead of `apiextensions/v1` for CustomResourceDefinition resources. This option should be set for clusters with Kubernetes apiserver versions <1.16.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "externalId": { + "description": "Optional. An externally-generated and managed ID for this Membership. This ID may be modified after creation, but this is not recommended. The ID must match the regex: `*` If this Membership represents a Kubernetes cluster, this value should be set to the UID of the `kube-system` namespace object.", + "type": "string" + }, + "infrastructureType": { + "description": "Optional. The infrastructure type this Membership is running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, MULTI_CLOUD", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "authority": { + "properties": { + "identityProvider": { + "description": "Output only. An identity provider that reflects the `issuer` in the workload identity pool.", + "type": "string" + }, + "workloadIdentityPool": { + "description": "Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`, although this is subject to change in newer versions of this API.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. When the Membership was created.", + "format": "date-time", + "type": "string" + }, + "deleteTime": { + "description": "Output only. When the Membership was deleted.", + "format": "date-time", + "type": "string" + }, + "endpoint": { + "properties": { + "kubernetesMetadata": { + "description": "Output only. Useful Kubernetes-specific metadata.", + "properties": { + "kubernetesApiServerVersion": { + "description": "Output only. Kubernetes API server version string as reported by `/version`.", + "type": "string" + }, + "memoryMb": { + "description": "Output only. The total memory capacity as reported by the sum of all Kubernetes nodes resources, defined in MB.", + "format": "int64", + "type": "integer" + }, + "nodeCount": { + "description": "Output only. Node count as reported by Kubernetes nodes resources.", + "format": "int64", + "type": "integer" + }, + "nodeProviderId": { + "description": "Output only. Node providerID as reported by the first node in the list of nodes on the Kubernetes endpoint. On Kubernetes platforms that support zero-node clusters (like GKE-on-GCP), the node_count will be zero and the node_provider_id will be empty.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time at which these details were last updated. This update_time is different from the Membership-level update_time since EndpointDetails are updated internally for API consumers.", + "format": "date-time", + "type": "string" + }, + "vcpuCount": { + "description": "Output only. vCPU count as reported by Kubernetes nodes resources.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "kubernetesResource": { + "properties": { + "connectResources": { + "description": "Output only. The Kubernetes resources for installing the GKE Connect agent This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.", + "items": { + "properties": { + "clusterScoped": { + "description": "Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.", + "type": "boolean" + }, + "manifest": { + "description": "YAML manifest of the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "membershipResources": { + "description": "Output only. Additional Kubernetes resources that need to be applied to the cluster after Membership creation, and after every update. This field is only populated in the Membership returned from a successful long-running operation from CreateMembership or UpdateMembership. It is not populated during normal GetMembership or ListMemberships requests. To get the resource manifest after the initial registration, the caller should make a UpdateMembership call with an empty field mask.", + "items": { + "properties": { + "clusterScoped": { + "description": "Whether the resource provided in the manifest is `cluster_scoped`. If unset, the manifest is assumed to be namespace scoped. This field is used for REST mapping when applying the resource in a cluster.", + "type": "boolean" + }, + "manifest": { + "description": "YAML manifest of the resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "lastConnectionTime": { + "description": "Output only. For clusters using Connect, the timestamp of the most recent connection established with Google Cloud. This time is updated every several minutes, not continuously. For clusters that do not use GKE Connect, or that have never connected successfully, this field will be unset.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. State of the Membership resource.", + "properties": { + "code": { + "description": "Output only. The current state of the Membership resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, DELETING, UPDATING, SERVICE_UPDATING", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "uniqueId": { + "description": "Output only. Google-generated UUID for this resource. This is unique across all Membership resources. If a Membership resource is deleted and another resource with the same name is created, it gets a different unique_id.", + "type": "string" + }, + "updateTime": { + "description": "Output only. When the Membership was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamaccessboundarypolicy_v1beta1.json b/iam.cnrm.cloud.google.com/iamaccessboundarypolicy_v1beta1.json new file mode 100644 index 00000000..62f9b2d3 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamaccessboundarypolicy_v1beta1.json @@ -0,0 +1,188 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "displayName": { + "description": "The display name of the rule.", + "type": "string" + }, + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, where {{value}} is the `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rules": { + "description": "Rules to be applied.", + "items": { + "properties": { + "accessBoundaryRule": { + "description": "An access boundary rule in an IAM policy.", + "properties": { + "availabilityCondition": { + "description": "The availability condition further constrains the access allowed by the access boundary rule.", + "properties": { + "description": { + "description": "Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.", + "type": "string" + }, + "expression": { + "description": "Textual representation of an expression in Common Expression Language syntax.", + "type": "string" + }, + "location": { + "description": "String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.", + "type": "string" + }, + "title": { + "description": "Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.", + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object", + "additionalProperties": false + }, + "availablePermissions": { + "description": "A list of permissions that may be allowed for use on the specified resource.", + "items": { + "type": "string" + }, + "type": "array" + }, + "availableResource": { + "description": "The full resource name of a Google Cloud resource entity.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "The description of the rule.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "projectRef", + "rules" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "etag": { + "description": "The hash of the resource. Used internally during updates.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamauditconfig_v1beta1.json b/iam.cnrm.cloud.google.com/iamauditconfig_v1beta1.json new file mode 100644 index 00000000..2c1cb8fb --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamauditconfig_v1beta1.json @@ -0,0 +1,125 @@ +{ + "description": "IAMAuditConfig is the schema for the IAM audit logging API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "IAMAuditConfigSpec defines the desired state of IAMAuditConfig.", + "properties": { + "auditLogConfigs": { + "description": "Required. The configuration for logging of each type of permission.", + "items": { + "properties": { + "exemptedMembers": { + "description": "Identities that do not cause logging for this type of permission. The format is the same as that for 'members' in IAMPolicy/IAMPolicyMember.", + "items": { + "type": "string" + }, + "type": "array" + }, + "logType": { + "description": "Permission type for which logging is to be configured. Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'.", + "pattern": "^(DATA_READ|DATA_WRITE|ADMIN_READ)$", + "type": "string" + } + }, + "required": [ + "logType" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceRef": { + "description": "Immutable. Required. The GCP resource to set the IAMAuditConfig on (e.g. project).", + "properties": { + "apiVersion": { + "type": "string" + }, + "external": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + }, + "service": { + "description": "Immutable. Required. The service for which to enable Data Access audit logs. The special value 'allServices' covers all services. Note that if there are audit configs covering both 'allServices' and a specific service, then the union of the two audit configs is used for that service: the 'logTypes' specified in each 'auditLogConfig' are enabled, and the 'exemptedMembers' in each 'auditLogConfg' are exempted.", + "type": "string" + } + }, + "required": [ + "auditLogConfigs", + "resourceRef", + "service" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "IAMAuditConfigStatus defines the observed state of IAMAuditConfig.", + "properties": { + "conditions": { + "description": "Conditions represent the latest available observations of the IAMAuditConfig's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamcustomrole_v1beta1.json b/iam.cnrm.cloud.google.com/iamcustomrole_v1beta1.json new file mode 100644 index 00000000..1b816dfa --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamcustomrole_v1beta1.json @@ -0,0 +1,100 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A human-readable description for the role.", + "type": "string" + }, + "permissions": { + "description": "The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.", + "items": { + "type": "string" + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The roleId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "stage": { + "description": "The current launch stage of the role. Defaults to GA.", + "type": "string" + }, + "title": { + "description": "A human-readable title for the role.", + "type": "string" + } + }, + "required": [ + "permissions", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "deleted": { + "description": "The current deleted state of the role.", + "type": "boolean" + }, + "name": { + "description": "The full name of the role.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iampartialpolicy_v1beta1.json b/iam.cnrm.cloud.google.com/iampartialpolicy_v1beta1.json new file mode 100644 index 00000000..d015a33d --- /dev/null +++ b/iam.cnrm.cloud.google.com/iampartialpolicy_v1beta1.json @@ -0,0 +1,399 @@ +{ + "description": "IAMPartialPolicy is the Schema for the iampartialpolicy API", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "IAMPartialPolicySpec defines the desired state of IAMPartialPolicy", + "properties": { + "bindings": { + "description": "Optional. The list of IAM bindings managed by Config Connector.", + "items": { + "description": "Specifies the members to bind to an IAM role.", + "properties": { + "condition": { + "description": "Optional. The condition under which the binding applies.", + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "expression", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "members": { + "description": "Optional. The list of IAM users to be bound to the role.", + "items": { + "oneOf": [ + { + "required": [ + "member" + ] + }, + { + "required": [ + "memberFrom" + ] + } + ], + "properties": { + "member": { + "description": "The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used.", + "type": "string" + }, + "memberFrom": { + "description": "The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used, and only one subfield within 'memberFrom' can be used.", + "oneOf": [ + { + "required": [ + "logSinkRef" + ] + }, + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "serviceIdentityRef" + ] + }, + { + "required": [ + "sqlInstanceRef" + ] + } + ], + "properties": { + "logSinkRef": { + "description": "The LoggingLogSink whose writer identity (i.e. its 'status.writerIdentity') is to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "The IAMServiceAccount to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "serviceIdentityRef": { + "description": "The ServiceIdentity whose service account (i.e., its 'status.email') is to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "sqlInstanceRef": { + "description": "The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') is to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "role": { + "description": "Required. The role to bind the users to.", + "pattern": "^((projects|organizations)/[^/]+/)?roles/[\\w_\\.]+$", + "type": "string" + } + }, + "required": [ + "role" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceRef": { + "description": "Immutable. Required. The GCP resource to set the IAM policy on.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "apiVersion" + ] + }, + { + "required": [ + "external" + ] + } + ] + } + } + ], + "properties": { + "apiVersion": { + "type": "string" + }, + "external": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "resourceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy", + "properties": { + "allBindings": { + "description": "AllBindings surfaces all IAM bindings for the referenced resource.", + "items": { + "description": "Specifies the members to bind to an IAM role.", + "properties": { + "condition": { + "description": "Optional. The condition under which the binding applies.", + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "expression", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "members": { + "description": "Optional. The list of IAM users to be bound to the role.", + "items": { + "type": "string" + }, + "type": "array" + }, + "role": { + "description": "Required. The role to bind the users to.", + "type": "string" + } + }, + "required": [ + "role" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observations of the IAM policy's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "lastAppliedBindings": { + "description": "LastAppliedBindings is the list of IAM bindings that were most recently applied by Config Connector.", + "items": { + "description": "Specifies the members to bind to an IAM role.", + "properties": { + "condition": { + "description": "Optional. The condition under which the binding applies.", + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "expression", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "members": { + "description": "Optional. The list of IAM users to be bound to the role.", + "items": { + "type": "string" + }, + "type": "array" + }, + "role": { + "description": "Required. The role to bind the users to.", + "type": "string" + } + }, + "required": [ + "role" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iampolicy_v1beta1.json b/iam.cnrm.cloud.google.com/iampolicy_v1beta1.json new file mode 100644 index 00000000..a4a2520d --- /dev/null +++ b/iam.cnrm.cloud.google.com/iampolicy_v1beta1.json @@ -0,0 +1,241 @@ +{ + "description": "IAMPolicy is the Schema for the iampolicies API", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "IAMPolicySpec defines the desired state of IAMPolicy", + "properties": { + "auditConfigs": { + "description": "Optional. The list of IAM audit configs.", + "items": { + "description": "Specifies the Cloud Audit Logs configuration for the IAM policy.", + "properties": { + "auditLogConfigs": { + "description": "Required. The configuration for logging of each type of permission.", + "items": { + "properties": { + "exemptedMembers": { + "description": "Identities that do not cause logging for this type of permission. The format is the same as that for 'members' in IAMPolicy/IAMPolicyMember.", + "items": { + "type": "string" + }, + "type": "array" + }, + "logType": { + "description": "Permission type for which logging is to be configured. Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'.", + "pattern": "^(DATA_READ|DATA_WRITE|ADMIN_READ)$", + "type": "string" + } + }, + "required": [ + "logType" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "service": { + "description": "Required. The service for which to enable Data Access audit logs. The special value 'allServices' covers all services. Note that if there are audit configs covering both 'allServices' and a specific service, then the union of the two audit configs is used for that service: the 'logTypes' specified in each 'auditLogConfig' are enabled, and the 'exemptedMembers' in each 'auditLogConfg' are exempted.", + "type": "string" + } + }, + "required": [ + "auditLogConfigs", + "service" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "bindings": { + "description": "Optional. The list of IAM bindings.", + "items": { + "description": "Specifies the members to bind to an IAM role.", + "properties": { + "condition": { + "description": "Optional. The condition under which the binding applies.", + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "expression", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "members": { + "description": "Optional. The list of IAM users to be bound to the role.", + "items": { + "type": "string" + }, + "type": "array" + }, + "role": { + "description": "Required. The role to bind the users to.", + "pattern": "^((projects|organizations)/[^/]+/)?roles/[\\w_\\.]+$", + "type": "string" + } + }, + "required": [ + "role" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceRef": { + "description": "Immutable. Required. The GCP resource to set the IAM policy on.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "apiVersion" + ] + }, + { + "required": [ + "external" + ] + } + ] + } + } + ], + "properties": { + "apiVersion": { + "type": "string" + }, + "external": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "resourceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "IAMPolicyStatus defines the observed state of IAMPolicy", + "properties": { + "conditions": { + "description": "Conditions represent the latest available observations of the IAM policy's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iampolicymember_v1beta1.json b/iam.cnrm.cloud.google.com/iampolicymember_v1beta1.json new file mode 100644 index 00000000..684b3015 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iampolicymember_v1beta1.json @@ -0,0 +1,286 @@ +{ + "description": "IAMPolicyMember is the Schema for the iampolicies API", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "IAMPolicyMemberSpec defines the desired state of IAMPolicyMember", + "oneOf": [ + { + "required": [ + "member" + ] + }, + { + "required": [ + "memberFrom" + ] + } + ], + "properties": { + "condition": { + "description": "Immutable. Optional. The condition under which the binding applies.", + "properties": { + "description": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "expression", + "title" + ], + "type": "object", + "additionalProperties": false + }, + "member": { + "description": "Immutable. The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used.", + "type": "string" + }, + "memberFrom": { + "description": "Immutable. The IAM identity to be bound to the role. Exactly one of 'member' or 'memberFrom' must be used, and only one subfield within 'memberFrom' can be used.", + "oneOf": [ + { + "required": [ + "logSinkRef" + ] + }, + { + "required": [ + "serviceAccountRef" + ] + }, + { + "required": [ + "serviceIdentityRef" + ] + }, + { + "required": [ + "sqlInstanceRef" + ] + } + ], + "properties": { + "logSinkRef": { + "description": "The LoggingLogSink whose writer identity (i.e. its 'status.writerIdentity') is to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "The IAMServiceAccount to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "serviceIdentityRef": { + "description": "The ServiceIdentity whose service account (i.e., its 'status.email') is to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "sqlInstanceRef": { + "description": "The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') is to be bound to the role.", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceRef": { + "description": "Immutable. Required. The GCP resource to set the IAM policy on.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "apiVersion" + ] + }, + { + "required": [ + "external" + ] + } + ] + } + } + ], + "properties": { + "apiVersion": { + "type": "string" + }, + "external": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object", + "additionalProperties": false + }, + "role": { + "description": "Immutable. Required. The role for which the Member will be bound.", + "pattern": "^((projects|organizations)/[^/]+/)?roles/[\\w_\\.]+$", + "type": "string" + } + }, + "required": [ + "resourceRef", + "role" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "IAMPolicyMemberStatus defines the observed state of IAMPolicyMember", + "properties": { + "conditions": { + "description": "Conditions represent the latest available observations of the IAM policy's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamserviceaccount_v1beta1.json b/iam.cnrm.cloud.google.com/iamserviceaccount_v1beta1.json new file mode 100644 index 00000000..cbf3ef28 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamserviceaccount_v1beta1.json @@ -0,0 +1,94 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.", + "type": "string" + }, + "disabled": { + "description": "Whether the service account is disabled. Defaults to false.", + "type": "boolean" + }, + "displayName": { + "description": "The display name for the service account. Can be updated without creating a new resource.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The accountId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "email": { + "description": "The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.", + "type": "string" + }, + "member": { + "description": "The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.", + "type": "string" + }, + "name": { + "description": "The fully-qualified name of the service account.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "uniqueId": { + "description": "The unique id of the service account.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamserviceaccountkey_v1beta1.json b/iam.cnrm.cloud.google.com/iamserviceaccountkey_v1beta1.json new file mode 100644 index 00000000..25f88b43 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamserviceaccountkey_v1beta1.json @@ -0,0 +1,153 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "keyAlgorithm": { + "description": "Immutable. The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".", + "type": "string" + }, + "privateKeyType": { + "description": "Immutable.", + "type": "string" + }, + "publicKeyData": { + "description": "Immutable. A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.", + "type": "string" + }, + "publicKeyType": { + "description": "Immutable.", + "type": "string" + }, + "serviceAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "Immutable. The name used for this key pair.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "privateKey": { + "description": "The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.", + "type": "string" + }, + "publicKey": { + "description": "Immutable. The public key, base64 encoded.", + "type": "string" + }, + "validAfter": { + "description": "The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "validBefore": { + "description": "The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamworkforcepool_v1beta1.json b/iam.cnrm.cloud.google.com/iamworkforcepool_v1beta1.json new file mode 100644 index 00000000..365b3c41 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamworkforcepool_v1beta1.json @@ -0,0 +1,151 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A user-specified description of the pool. Cannot exceed 256 characters.", + "type": "string" + }, + "disabled": { + "description": "Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.", + "type": "boolean" + }, + "displayName": { + "description": "A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [organizationRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "sessionDuration": { + "description": "How long the Google Cloud access tokens, console sign-in sessions, and gcloud sign-in sessions from this pool are valid. Must be greater than 15 minutes (900s) and less than 12 hours (43200s). If `session_duration` is not configured, minted credentials will have a default duration of one hour (3600s).", + "type": "string" + } + }, + "required": [ + "location", + "organizationRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}`", + "type": "string" + }, + "state": { + "description": "Output only. The state of the pool. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamworkforcepoolprovider_v1beta1.json b/iam.cnrm.cloud.google.com/iamworkforcepoolprovider_v1beta1.json new file mode 100644 index 00000000..08b733cb --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamworkforcepoolprovider_v1beta1.json @@ -0,0 +1,314 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "attributeCondition": { + "description": "A [Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. `google.profile_photo` and `google.display_name` are not supported. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credentials will be accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ``` \"'admins' in google.groups\" ```", + "type": "string" + }, + "attributeMapping": { + "additionalProperties": { + "type": "string" + }, + "description": "Required. Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. For example:", + "type": "object" + }, + "description": { + "description": "A user-specified description of the provider. Cannot exceed 256 characters.", + "type": "string" + }, + "disabled": { + "description": "Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.", + "type": "boolean" + }, + "displayName": { + "description": "A user-specified display name for the provider. Cannot exceed 32 characters.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "oidc": { + "description": "An OpenId Connect 1.0 identity provider configuration.", + "properties": { + "clientId": { + "description": "Required. The client ID. Must match the audience claim of the JWT issued by the identity provider.", + "type": "string" + }, + "clientSecret": { + "description": "The optional client secret. Required to enable Authorization Code flow for web sign-in.", + "properties": { + "value": { + "description": "The value of the client secret.", + "properties": { + "plainText": { + "description": "Input only. The plain text of the client secret value.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "issuerUri": { + "description": "Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.", + "type": "string" + }, + "jwksJson": { + "description": "OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the `jwks_uri` from the discovery document fetched from the .well-known path for the `issuer_uri`. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: ```{\"keys\": [{\"kty\": \"RSA/EC\", \"alg\": \"\", \"use\": \"sig\", \"kid\": \"\", \"n\": \"\", \"e\": \"\", \"x\": \"\", \"y\": \"\", \"crv\": \"\"}]}```", + "type": "string" + }, + "webSsoConfig": { + "description": "Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.", + "properties": { + "additionalScopes": { + "description": "Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the `openid`, `profile` and `email` scopes that are supported by the identity provider are requested. Each additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.", + "items": { + "type": "string" + }, + "type": "array" + }, + "assertionClaimsBehavior": { + "description": "Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. Possible values: ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED, MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS, ONLY_ID_TOKEN_CLAIMS", + "type": "string" + }, + "responseType": { + "description": "Required. The Response Type to request for in the OIDC Authorization Request for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit Flow, for security reasons. Possible values: RESPONSE_TYPE_UNSPECIFIED, CODE, ID_TOKEN", + "type": "string" + } + }, + "required": [ + "assertionClaimsBehavior", + "responseType" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "issuerUri", + "webSsoConfig" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "saml": { + "description": "A SAML identity provider configuration.", + "properties": { + "idpMetadataXml": { + "description": "Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 10 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.", + "type": "string" + } + }, + "required": [ + "idpMetadataXml" + ], + "type": "object", + "additionalProperties": false + }, + "workforcePoolRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The workforce_pool for the resource\n\nAllowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "attributeMapping", + "location", + "workforcePoolRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "oidc": { + "properties": { + "clientSecret": { + "properties": { + "value": { + "properties": { + "thumbprint": { + "description": "Output only. A thumbprint to represent the current client secret value.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "state": { + "description": "Output only. The state of the provider. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamworkloadidentitypool_v1beta1.json b/iam.cnrm.cloud.google.com/iamworkloadidentitypool_v1beta1.json new file mode 100644 index 00000000..e9d1c8e6 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamworkloadidentitypool_v1beta1.json @@ -0,0 +1,143 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "A description of the pool. Cannot exceed 256 characters.", + "type": "string" + }, + "disabled": { + "description": "Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.", + "type": "boolean" + }, + "displayName": { + "description": "A display name for the pool. Cannot exceed 32 characters.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. The state of the pool. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iam.cnrm.cloud.google.com/iamworkloadidentitypoolprovider_v1beta1.json b/iam.cnrm.cloud.google.com/iamworkloadidentitypoolprovider_v1beta1.json new file mode 100644 index 00000000..9a710679 --- /dev/null +++ b/iam.cnrm.cloud.google.com/iamworkloadidentitypoolprovider_v1beta1.json @@ -0,0 +1,247 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "attributeCondition": { + "description": "[A Common Expression Language](https://opensource.google/projects/cel) expression, in plain text, to restrict what otherwise valid authentication credentials issued by the provider should not be accepted. The expression must output a boolean representing whether to allow the federation. The following keywords may be referenced in the expressions: * `assertion`: JSON representing the authentication credential issued by the provider. * `google`: The Google attributes mapped from the assertion in the `attribute_mappings`. * `attribute`: The custom attributes mapped from the assertion in the `attribute_mappings`. The maximum length of the attribute condition expression is 4096 characters. If unspecified, all valid authentication credential are accepted. The following example shows how to only allow credentials with a mapped `google.groups` value of `admins`: ``` \"'admins' in google.groups\" ```", + "type": "string" + }, + "attributeMapping": { + "additionalProperties": { + "type": "string" + }, + "description": "Maps attributes from authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. Cannot exceed 127 characters. * `google.groups`: Groups the external identity belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where `{custom_attribute}` is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workload to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 8KB. For AWS providers, if no attribute mapping is defined, the following default mapping applies: ``` { \"google.subject\":\"assertion.arn\", \"attribute.aws_role\": \"assertion.arn.contains('assumed-role')\" \" ? assertion.arn.extract('{account_arn}assumed-role/')\" \" + 'assumed-role/'\" \" + assertion.arn.extract('assumed-role/{role_name}/')\" \" : assertion.arn\", } ``` If any custom attribute mappings are defined, they must include a mapping to the `google.subject` attribute. For OIDC providers, you must supply a custom mapping, which must include the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ``` {\"google.subject\": \"assertion.sub\"} ```", + "type": "object" + }, + "aws": { + "description": "An Amazon Web Services identity provider.", + "properties": { + "accountId": { + "description": "Required. The AWS account ID.", + "type": "string" + }, + "stsUri": { + "description": "A list of AWS STS URIs that can be used when exchanging credentials. If not provided, any valid AWS STS URI is allowed. URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, where {region} is a valid AWS region. You can specify a maximum of 25 URIs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "accountId" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "A description for the provider. Cannot exceed 256 characters.", + "type": "string" + }, + "disabled": { + "description": "Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.", + "type": "boolean" + }, + "displayName": { + "description": "A display name for the provider. Cannot exceed 32 characters.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "oidc": { + "description": "An OpenId Connect 1.0 identity provider.", + "properties": { + "allowedAudiences": { + "description": "Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ ```", + "items": { + "type": "string" + }, + "type": "array" + }, + "issuerUri": { + "description": "Required. The OIDC issuer URL. Must be an HTTPS endpoint.", + "type": "string" + } + }, + "required": [ + "issuerUri" + ], + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "workloadIdentityPoolRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The workloadIdentityPool for the resource\n\nAllowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef", + "workloadIdentityPoolRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. The state of the provider. Possible values: STATE_UNSPECIFIED, ACTIVE, DELETED", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/iap.cnrm.cloud.google.com/iapbrand_v1beta1.json b/iap.cnrm.cloud.google.com/iapbrand_v1beta1.json new file mode 100644 index 00000000..bff5c471 --- /dev/null +++ b/iap.cnrm.cloud.google.com/iapbrand_v1beta1.json @@ -0,0 +1,78 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "applicationTitle": { + "description": "Immutable. Application name displayed on OAuth consent screen.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "supportEmail": { + "description": "Immutable. Support email displayed on the OAuth consent screen.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "orgInternalOnly": { + "description": "Output only. Whether the brand is only intended for usage inside the G Suite organization only.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/iap.cnrm.cloud.google.com/iapidentityawareproxyclient_v1beta1.json b/iap.cnrm.cloud.google.com/iapidentityawareproxyclient_v1beta1.json new file mode 100644 index 00000000..f9e4aa91 --- /dev/null +++ b/iap.cnrm.cloud.google.com/iapidentityawareproxyclient_v1beta1.json @@ -0,0 +1,130 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "brandRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The brand for the resource\n\nAllowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "Immutable. Human-friendly name given to the OAuth client.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "brandRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "secret": { + "description": "Output only. Client secret of the OAuth client.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/identityplatform.cnrm.cloud.google.com/identityplatformconfig_v1beta1.json b/identityplatform.cnrm.cloud.google.com/identityplatformconfig_v1beta1.json new file mode 100644 index 00000000..b6e4eca8 --- /dev/null +++ b/identityplatform.cnrm.cloud.google.com/identityplatformconfig_v1beta1.json @@ -0,0 +1,839 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "authorizedDomains": { + "description": "List of domains authorized for OAuth redirects", + "items": { + "type": "string" + }, + "type": "array" + }, + "blockingFunctions": { + "description": "Configuration related to blocking functions.", + "properties": { + "triggers": { + "additionalProperties": { + "properties": { + "functionUriRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "HTTP URI trigger for the Cloud Function.\n\nAllowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "updateTime": { + "description": "When the trigger was changed.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": "Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\"", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "client": { + "description": "Options related to how clients making requests on behalf of a project should be configured.", + "properties": { + "permissions": { + "description": "Configuration related to restricting a user's ability to affect their account.", + "properties": { + "disabledUserDeletion": { + "description": "When true, end users cannot delete their account on the associated project through any of our API methods", + "type": "boolean" + }, + "disabledUserSignup": { + "description": "When true, end users cannot sign up for a new account on the associated project through any of our API methods", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "mfa": { + "description": "Configuration for this project's multi-factor authentication, including whether it is active and what factors can be used for the second factor", + "properties": { + "state": { + "description": "Whether MultiFactor Authentication has been enabled for this project. Possible values: STATE_UNSPECIFIED, DISABLED, ENABLED, MANDATORY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "monitoring": { + "description": "Configuration related to monitoring project activity.", + "properties": { + "requestLogging": { + "description": "Configuration for logging requests made to this project to Stackdriver Logging", + "properties": { + "enabled": { + "description": "Whether logging is enabled for this project or not.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "multiTenant": { + "description": "Configuration related to multi-tenant functionality.", + "properties": { + "allowTenants": { + "description": "Whether this project can have tenants or not.", + "type": "boolean" + }, + "defaultTenantLocationRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name", + "kind" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + }, + { + "required": [ + "kind" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of \"/\", such as \"folders/123\" or \"organizations/456\". If the value is not set, the tenant will be created under the same organization or folder as the agent project.\n\nAllowed values:\n* The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).\n* The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. Allowed values: Folder", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "notification": { + "description": "Configuration related to sending notifications to users.", + "properties": { + "defaultLocale": { + "description": "Default locale used for email and SMS in IETF BCP 47 format.", + "type": "string" + }, + "sendEmail": { + "description": "Options for email sending.", + "properties": { + "callbackUri": { + "description": "action url in email template.", + "type": "string" + }, + "changeEmailTemplate": { + "description": "Email template for change email", + "properties": { + "body": { + "description": "Immutable. Email body", + "type": "string" + }, + "bodyFormat": { + "description": "Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML", + "type": "string" + }, + "replyTo": { + "description": "Reply-to address", + "type": "string" + }, + "senderDisplayName": { + "description": "Sender display name", + "type": "string" + }, + "senderLocalPart": { + "description": "Local part of From address", + "type": "string" + }, + "subject": { + "description": "Subject of the email", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dnsInfo": { + "description": "Information of custom domain DNS verification.", + "properties": { + "useCustomDomain": { + "description": "Whether to use custom domain.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "method": { + "description": "The method used for sending an email. Possible values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP", + "type": "string" + }, + "resetPasswordTemplate": { + "description": "Email template for reset password", + "properties": { + "body": { + "description": "Email body", + "type": "string" + }, + "bodyFormat": { + "description": "Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML", + "type": "string" + }, + "replyTo": { + "description": "Reply-to address", + "type": "string" + }, + "senderDisplayName": { + "description": "Sender display name", + "type": "string" + }, + "senderLocalPart": { + "description": "Local part of From address", + "type": "string" + }, + "subject": { + "description": "Subject of the email", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "revertSecondFactorAdditionTemplate": { + "description": "Email template for reverting second factor addition emails", + "properties": { + "body": { + "description": "Immutable. Email body", + "type": "string" + }, + "bodyFormat": { + "description": "Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML", + "type": "string" + }, + "replyTo": { + "description": "Reply-to address", + "type": "string" + }, + "senderDisplayName": { + "description": "Sender display name", + "type": "string" + }, + "senderLocalPart": { + "description": "Local part of From address", + "type": "string" + }, + "subject": { + "description": "Subject of the email", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "smtp": { + "description": "Use a custom SMTP relay", + "properties": { + "host": { + "description": "SMTP relay host", + "type": "string" + }, + "password": { + "description": "SMTP relay password", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "port": { + "description": "SMTP relay port", + "format": "int64", + "type": "integer" + }, + "securityMode": { + "description": "SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, SSL, START_TLS", + "type": "string" + }, + "senderEmail": { + "description": "Sender email for the SMTP relay", + "type": "string" + }, + "username": { + "description": "SMTP relay username", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "verifyEmailTemplate": { + "description": "Email template for verify email", + "properties": { + "body": { + "description": "Immutable. Email body", + "type": "string" + }, + "bodyFormat": { + "description": "Email body format Possible values: BODY_FORMAT_UNSPECIFIED, PLAIN_TEXT, HTML", + "type": "string" + }, + "replyTo": { + "description": "Reply-to address", + "type": "string" + }, + "senderDisplayName": { + "description": "Sender display name", + "type": "string" + }, + "senderLocalPart": { + "description": "Local part of From address", + "type": "string" + }, + "subject": { + "description": "Subject of the email", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "sendSms": { + "description": "Options for SMS sending.", + "properties": { + "useDeviceLocale": { + "description": "Whether to use the accept_language header for SMS.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project of the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "quota": { + "description": "Configuration related to quotas.", + "properties": { + "signUpQuotaConfig": { + "description": "Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.", + "properties": { + "quota": { + "description": "Corresponds to the 'refill_token_count' field in QuotaServer config", + "format": "int64", + "type": "integer" + }, + "quotaDuration": { + "description": "How long this quota will be active for", + "type": "string" + }, + "startTime": { + "description": "When this quota will take affect", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "signIn": { + "description": "Configuration related to local sign in methods.", + "properties": { + "allowDuplicateEmails": { + "description": "Whether to allow more than one account to have the same email.", + "type": "boolean" + }, + "anonymous": { + "description": "Configuration options related to authenticating an anonymous user.", + "properties": { + "enabled": { + "description": "Whether anonymous user auth is enabled for the project or not.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "email": { + "description": "Configuration options related to authenticating a user by their email address.", + "properties": { + "enabled": { + "description": "Whether email auth is enabled for the project or not.", + "type": "boolean" + }, + "passwordRequired": { + "description": "Whether a password is required for email auth or not. If true, both an email and password must be provided to sign in. If false, a user may sign in via either email/password or email link.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "phoneNumber": { + "description": "Configuration options related to authenticated a user by their phone number.", + "properties": { + "enabled": { + "description": "Whether phone number auth is enabled for the project or not.", + "type": "boolean" + }, + "testPhoneNumbers": { + "additionalProperties": { + "type": "string" + }, + "description": "A map of that can be used for phone auth testing.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "client": { + "properties": { + "apiKey": { + "description": "Output only. API key that can be used when making requests for this project.", + "type": "string" + }, + "firebaseSubdomain": { + "description": "Output only. Firebase subdomain.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "notification": { + "properties": { + "sendEmail": { + "properties": { + "changeEmailTemplate": { + "properties": { + "customized": { + "description": "Output only. Whether the body or subject of the email is customized.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "dnsInfo": { + "properties": { + "customDomain": { + "description": "Output only. The applied verified custom domain.", + "type": "string" + }, + "customDomainState": { + "description": "Output only. The current verification state of the custom domain. The custom domain will only be used once the domain verification is successful. Possible values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, IN_PROGRESS, FAILED, SUCCEEDED", + "type": "string" + }, + "domainVerificationRequestTime": { + "description": "Output only. The timestamp of initial request for the current domain verification.", + "format": "date-time", + "type": "string" + }, + "pendingCustomDomain": { + "description": "Output only. The custom domain that's to be verified.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resetPasswordTemplate": { + "properties": { + "customized": { + "description": "Output only. Whether the body or subject of the email is customized.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "revertSecondFactorAdditionTemplate": { + "properties": { + "customized": { + "description": "Output only. Whether the body or subject of the email is customized.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "verifyEmailTemplate": { + "properties": { + "customized": { + "description": "Output only. Whether the body or subject of the email is customized.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "sendSms": { + "properties": { + "smsTemplate": { + "description": "Output only. The template to use when sending an SMS.", + "properties": { + "content": { + "description": "Output only. The SMS's content. Can contain the following placeholders which will be replaced with the appropriate values: %APP_NAME% - For Android or iOS apps, the app's display name. For web apps, the domain hosting the application. %LOGIN_CODE% - The OOB code being sent in the SMS.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "signIn": { + "properties": { + "email": { + "properties": { + "hashConfig": { + "description": "Output only. Hash config information.", + "properties": { + "algorithm": { + "description": "Output only. Different password hash algorithms used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, STANDARD_SCRYPT", + "type": "string" + }, + "memoryCost": { + "description": "Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field.", + "format": "int64", + "type": "integer" + }, + "rounds": { + "description": "Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms.", + "format": "int64", + "type": "integer" + }, + "saltSeparator": { + "description": "Output only. Non-printable character to be inserted between the salt and plain text password in base64.", + "type": "string" + }, + "signerKey": { + "description": "Output only. Signer key in base64.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hashConfig": { + "description": "Output only. Hash config information.", + "properties": { + "algorithm": { + "description": "Output only. Different password hash algorithms used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, STANDARD_SCRYPT", + "type": "string" + }, + "memoryCost": { + "description": "Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field.", + "format": "int64", + "type": "integer" + }, + "rounds": { + "description": "Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms.", + "format": "int64", + "type": "integer" + }, + "saltSeparator": { + "description": "Output only. Non-printable character to be inserted between the salt and plain text password in base64.", + "type": "string" + }, + "signerKey": { + "description": "Output only. Signer key in base64.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "subtype": { + "description": "Output only. The subtype of this config. Possible values: SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/identityplatform.cnrm.cloud.google.com/identityplatformoauthidpconfig_v1beta1.json b/identityplatform.cnrm.cloud.google.com/identityplatformoauthidpconfig_v1beta1.json new file mode 100644 index 00000000..3cdd4f29 --- /dev/null +++ b/identityplatform.cnrm.cloud.google.com/identityplatformoauthidpconfig_v1beta1.json @@ -0,0 +1,160 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clientId": { + "description": "The client id of an OAuth client.", + "type": "string" + }, + "clientSecret": { + "description": "The client secret of the OAuth client, to enable OIDC code flow.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "The config's display name set by developers.", + "type": "string" + }, + "enabled": { + "description": "True if allows the user to sign in with the provider.", + "type": "boolean" + }, + "issuer": { + "description": "For OIDC Idps, the issuer identifier.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "responseType": { + "description": "The multiple response type to request for in the OAuth authorization flow. This can possibly be a combination of set bits (e.g.: {id\\_token, token}).", + "properties": { + "code": { + "description": "If true, authorization code is returned from IdP's authorization endpoint.", + "type": "boolean" + }, + "idToken": { + "description": "If true, ID token is returned from IdP's authorization endpoint.", + "type": "boolean" + }, + "token": { + "description": "If true, access token is returned from IdP's authorization endpoint.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/identityplatform.cnrm.cloud.google.com/identityplatformtenant_v1beta1.json b/identityplatform.cnrm.cloud.google.com/identityplatformtenant_v1beta1.json new file mode 100644 index 00000000..f24d57d8 --- /dev/null +++ b/identityplatform.cnrm.cloud.google.com/identityplatformtenant_v1beta1.json @@ -0,0 +1,111 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "allowPasswordSignup": { + "description": "Whether to allow email/password user authentication.", + "type": "boolean" + }, + "disableAuth": { + "description": "Whether authentication is disabled for the tenant. If true, the users under the disabled tenant are not allowed to sign-in. Admins of the disabled tenant are not able to manage its users.", + "type": "boolean" + }, + "displayName": { + "description": "Display name of the tenant.", + "type": "string" + }, + "enableAnonymousUser": { + "description": "Whether to enable anonymous user authentication.", + "type": "boolean" + }, + "enableEmailLinkSignin": { + "description": "Whether to enable email link user authentication.", + "type": "boolean" + }, + "mfaConfig": { + "description": "The tenant-level configuration of MFA options.", + "properties": { + "enabledProviders": { + "description": "A list of usable second factors for this project.", + "items": { + "type": "string" + }, + "type": "array" + }, + "state": { + "description": "Whether MultiFactor Authentication has been enabled for this project. Possible values: STATE_UNSPECIFIED, DISABLED, ENABLED, MANDATORY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "testPhoneNumbers": { + "additionalProperties": { + "type": "string" + }, + "description": "A map of pairs that can be used for MFA. The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) and a maximum of 10 pairs can be added (error will be thrown once exceeded).", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/identityplatform.cnrm.cloud.google.com/identityplatformtenantoauthidpconfig_v1beta1.json b/identityplatform.cnrm.cloud.google.com/identityplatformtenantoauthidpconfig_v1beta1.json new file mode 100644 index 00000000..3af7c65a --- /dev/null +++ b/identityplatform.cnrm.cloud.google.com/identityplatformtenantoauthidpconfig_v1beta1.json @@ -0,0 +1,216 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clientId": { + "description": "The client id of an OAuth client.", + "type": "string" + }, + "clientSecret": { + "description": "The client secret of the OAuth client, to enable OIDC code flow.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "The config's display name set by developers.", + "type": "string" + }, + "enabled": { + "description": "True if allows the user to sign in with the provider.", + "type": "boolean" + }, + "issuer": { + "description": "For OIDC Idps, the issuer identifier.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "responseType": { + "description": "The multiple response type to request for in the OAuth authorization flow. This can possibly be a combination of set bits (e.g.: {id\\_token, token}).", + "properties": { + "code": { + "description": "If true, authorization code is returned from IdP's authorization endpoint.", + "type": "boolean" + }, + "idToken": { + "description": "If true, ID token is returned from IdP's authorization endpoint.", + "type": "boolean" + }, + "token": { + "description": "If true, access token is returned from IdP's authorization endpoint.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "tenantRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The tenant for the resource\n\nAllowed value: The Google Cloud resource name of an `IdentityPlatformTenant` resource (format: `projects/{{project}}/tenants/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "tenantRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/kms.cnrm.cloud.google.com/kmscryptokey_v1beta1.json b/kms.cnrm.cloud.google.com/kmscryptokey_v1beta1.json new file mode 100644 index 00000000..703324ef --- /dev/null +++ b/kms.cnrm.cloud.google.com/kmscryptokey_v1beta1.json @@ -0,0 +1,164 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "destroyScheduledDuration": { + "description": "Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.", + "type": "string" + }, + "importOnly": { + "description": "Immutable. Whether this key may contain imported versions only.", + "type": "boolean" + }, + "keyRingRef": { + "description": "The KMSKeyRing that this key belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSKeyRing` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "purpose": { + "description": "Immutable. The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rotationPeriod": { + "description": "Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).", + "type": "string" + }, + "skipInitialVersionCreation": { + "description": "Immutable. If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.", + "type": "boolean" + }, + "versionTemplate": { + "description": "A template describing settings for new crypto key versions.", + "properties": { + "algorithm": { + "description": "The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.", + "type": "string" + }, + "protectionLevel": { + "description": "Immutable. The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".", + "type": "string" + } + }, + "required": [ + "algorithm" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "keyRingRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/kms.cnrm.cloud.google.com/kmskeyring_v1beta1.json b/kms.cnrm.cloud.google.com/kmskeyring_v1beta1.json new file mode 100644 index 00000000..3d74e4e0 --- /dev/null +++ b/kms.cnrm.cloud.google.com/kmskeyring_v1beta1.json @@ -0,0 +1,80 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "location": { + "description": "Immutable. The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/logging.cnrm.cloud.google.com/logginglogbucket_v1beta1.json b/logging.cnrm.cloud.google.com/logginglogbucket_v1beta1.json new file mode 100644 index 00000000..e039fcea --- /dev/null +++ b/logging.cnrm.cloud.google.com/logginglogbucket_v1beta1.json @@ -0,0 +1,325 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "billingAccountRef" + ] + }, + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + }, + { + "required": [ + "projectRef" + ] + } + ], + "properties": { + "billingAccountRef": { + "description": "Immutable. The BillingAccount that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Describes this bucket.", + "type": "string" + }, + "folderRef": { + "description": "Immutable. The Folder that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.", + "type": "string" + }, + "locked": { + "description": "Whether the bucket has been locked. The retention period on a locked bucket may not be changed. Locked buckets may only be deleted if they are empty.", + "type": "boolean" + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "retentionDays": { + "description": "Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of the bucket. This is not set for any of the default buckets.", + "format": "date-time", + "type": "string" + }, + "lifecycleState": { + "description": "Output only. The bucket lifecycle state. Possible values: LIFECYCLE_STATE_UNSPECIFIED, ACTIVE, DELETE_REQUESTED", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of the bucket.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/logging.cnrm.cloud.google.com/logginglogexclusion_v1beta1.json b/logging.cnrm.cloud.google.com/logginglogexclusion_v1beta1.json new file mode 100644 index 00000000..d08b60af --- /dev/null +++ b/logging.cnrm.cloud.google.com/logginglogexclusion_v1beta1.json @@ -0,0 +1,316 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "projectRef" + ] + }, + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + }, + { + "required": [ + "billingAccountRef" + ] + } + ], + "properties": { + "billingAccountRef": { + "description": "Immutable. The BillingAccount that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Optional. A description of this exclusion.", + "type": "string" + }, + "disabled": { + "description": "Optional. If set to True, then this exclusion is disabled and it does not exclude any log entries. You can update an exclusion to change the value of this field.", + "type": "boolean" + }, + "filter": { + "description": "Required. An (https://cloud.google.com/logging/docs/view/advanced-queries#sample), you can exclude less than 100% of the matching log entries. For example, the following query matches 99% of low-severity log entries from Google Cloud Storage buckets: `\"resource.type=gcs_bucket severity", + "type": "string" + }, + "folderRef": { + "description": "Immutable. The Folder that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [projectRef, folderRef, organizationRef, billingAccountRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of the exclusion. This field may not be present for older exclusions.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of the exclusion. This field may not be present for older exclusions.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/logging.cnrm.cloud.google.com/logginglogmetric_v1beta1.json b/logging.cnrm.cloud.google.com/logginglogmetric_v1beta1.json new file mode 100644 index 00000000..df122582 --- /dev/null +++ b/logging.cnrm.cloud.google.com/logginglogmetric_v1beta1.json @@ -0,0 +1,311 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bucketOptions": { + "description": "Optional. The `bucket_options` are required when the logs-based metric is using a DISTRIBUTION value type and it describes the bucket boundaries used to create a histogram of the extracted values.", + "properties": { + "explicitBuckets": { + "description": "The explicit buckets.", + "properties": { + "bounds": { + "description": "The values must be monotonically increasing.", + "items": { + "format": "double", + "type": "number" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "exponentialBuckets": { + "description": "The exponential buckets.", + "properties": { + "growthFactor": { + "description": "Must be greater than 1.", + "format": "double", + "type": "number" + }, + "numFiniteBuckets": { + "description": "Must be greater than 0.", + "format": "int64", + "type": "integer" + }, + "scale": { + "description": "Must be greater than 0.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "linearBuckets": { + "description": "The linear bucket.", + "properties": { + "numFiniteBuckets": { + "description": "Must be greater than 0.", + "format": "int64", + "type": "integer" + }, + "offset": { + "description": "Lower bound of the first bucket.", + "format": "double", + "type": "number" + }, + "width": { + "description": "Must be greater than 0.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Optional. A description of this metric, which is used in documentation. The maximum length of the description is 8000 characters.", + "type": "string" + }, + "disabled": { + "description": "Optional. If set to True, then this metric is disabled and it does not generate any points.", + "type": "boolean" + }, + "filter": { + "description": "Required. An [advanced logs filter](https://cloud.google.com/logging/docs/view/advanced_filters) which is used to match log entries. Example: \"resource.type=gae_app AND severity>=ERROR\" The maximum length of the filter is 20000 characters.", + "type": "string" + }, + "labelExtractors": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. A map from a label key string to an extractor expression which is used to extract data from a log entry field and assign as the label value. Each label key specified in the LabelDescriptor must have an associated extractor expression in this map. The syntax of the extractor expression is the same as for the `value_extractor` field. The extracted value is converted to the type defined in the label descriptor. If the either the extraction or the type conversion fails, the label will have a default value. The default value for a string label is an empty string, for an integer label its 0, and for a boolean label its `false`. Note that there are upper bounds on the maximum number of labels and the number of active time series that are allowed in a project.", + "type": "object" + }, + "metricDescriptor": { + "description": "Optional. The metric descriptor associated with the logs-based metric. If unspecified, it uses a default metric descriptor with a DELTA metric kind, INT64 value type, with no labels and a unit of \"1\". Such a metric counts the number of log entries matching the `filter` expression. The `name`, `type`, and `description` fields in the `metric_descriptor` are output only, and is constructed using the `name` and `description` field in the LogMetric. To create a logs-based metric that records a distribution of log values, a DELTA metric kind with a DISTRIBUTION value type must be used along with a `value_extractor` expression in the LogMetric. Each label in the metric descriptor must have a matching label name as the key and an extractor expression as the value in the `label_extractors` map. The `metric_kind` and `value_type` fields in the `metric_descriptor` cannot be updated once initially configured. New labels can be added in the `metric_descriptor`, but existing labels cannot be modified except for their description.", + "properties": { + "displayName": { + "description": "A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota.", + "type": "string" + }, + "labels": { + "description": "The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed.", + "items": { + "properties": { + "description": { + "description": "Immutable. A human-readable description for the label.", + "type": "string" + }, + "key": { + "description": "Immutable. The label key.", + "type": "string" + }, + "valueType": { + "description": "Immutable. The type of data that can be assigned to the label. Possible values: STRING, BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "launchStage": { + "description": "Optional. The launch stage of the metric definition. Possible values: UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED", + "type": "string" + }, + "metadata": { + "description": "Optional. Metadata which can be used to guide usage of the metric.", + "properties": { + "ingestDelay": { + "description": "The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors.", + "type": "string" + }, + "samplePeriod": { + "description": "The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "metricKind": { + "description": "Immutable. Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: GAUGE, DELTA, CUMULATIVE", + "type": "string" + }, + "unit": { + "description": "The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component: { \".\" Component } { \"/\" Component } ; Component = ( [ PREFIX ] UNIT | \"%\" ) [ Annotation ] | Annotation | \"1\" ; Annotation = \"{\" NAME \"}\" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, \"new users per day\" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean \"5 new users). Alternatively, \"thousands of page views per day\" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean \"5300 page views per day\"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means \"3 percent\"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means \"3 percent\").", + "type": "string" + }, + "valueType": { + "description": "Immutable. Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: STRING, BOOL, INT64, DOUBLE, DISTRIBUTION, MONEY", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The resource name of the project in which to create the metric.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "valueExtractor": { + "description": "Optional. A `value_extractor` is required when using a distribution logs-based metric to extract the values to record from a log entry. Two functions are supported for value extraction: `EXTRACT(field)` or `REGEXP_EXTRACT(field, regex)`. The argument are: 1. field: The name of the log entry field from which the value is to be extracted. 2. regex: A regular expression using the Google RE2 syntax (https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified log entry field. The value of the field is converted to a string before applying the regex. It is an error to specify a regex that does not include exactly one capture group. The result of the extraction must be convertible to a double type, as the distribution always records double values. If either the extraction or the conversion to double fails, then those values are not recorded in the distribution. Example: `REGEXP_EXTRACT(jsonPayload.request, \".*quantity=(d+).*\")`", + "type": "string" + } + }, + "required": [ + "filter", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of the metric. This field may not be present for older metrics.", + "format": "date-time", + "type": "string" + }, + "metricDescriptor": { + "properties": { + "description": { + "description": "A detailed description of the metric, which can be used in documentation.", + "type": "string" + }, + "monitoredResourceTypes": { + "description": "Read-only. If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The resource name of the metric descriptor.", + "type": "string" + }, + "type": { + "description": "The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: \"custom.googleapis.com/invoice/paid/amount\" \"external.googleapis.com/prometheus/up\" \"appengine.googleapis.com/http/server/response_latencies\"", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of the metric. This field may not be present for older metrics.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/logging.cnrm.cloud.google.com/logginglogsink_v1beta1.json b/logging.cnrm.cloud.google.com/logginglogsink_v1beta1.json new file mode 100644 index 00000000..fcbf7b71 --- /dev/null +++ b/logging.cnrm.cloud.google.com/logginglogsink_v1beta1.json @@ -0,0 +1,515 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bigqueryOptions": { + "description": "Options that affect sinks exporting data to BigQuery.", + "properties": { + "usePartitionedTables": { + "description": "Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.", + "type": "boolean" + } + }, + "required": [ + "usePartitionedTables" + ], + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "A description of this sink. The maximum length of the description is 8000 characters.", + "type": "string" + }, + "destination": { + "oneOf": [ + { + "required": [ + "bigQueryDatasetRef" + ] + }, + { + "required": [ + "loggingLogBucketRef" + ] + }, + { + "required": [ + "pubSubTopicRef" + ] + }, + { + "required": [ + "storageBucketRef" + ] + } + ], + "properties": { + "bigQueryDatasetRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `bigquery.googleapis.com/projects/{{project}}/datasets/{{value}}`, where {{value}} is the `name` field of a `BigQueryDataset` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "loggingLogBucketRef": { + "description": "Only `external` field is supported to configure the reference.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `logging.googleapis.com/projects/{{project}}/locations/{{location}}/buckets/{{value}}`, where {{value}} is the `name` field of a `LoggingLogBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "pubSubTopicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `pubsub.googleapis.com/projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "storageBucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `storage.googleapis.com/{{value}}`, where {{value}} is the `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "disabled": { + "description": "If set to True, then this sink is disabled and it does not export any log entries.", + "type": "boolean" + }, + "exclusions": { + "description": "Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.", + "items": { + "properties": { + "description": { + "description": "A description of this exclusion.", + "type": "string" + }, + "disabled": { + "description": "If set to True, then this exclusion is disabled and it does not exclude any log entries.", + "type": "boolean" + }, + "filter": { + "description": "An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries.", + "type": "string" + }, + "name": { + "description": "A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.", + "type": "string" + } + }, + "required": [ + "filter", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "filter": { + "description": "The filter to apply when exporting logs. Only log entries that match the filter are exported.", + "type": "string" + }, + "folderRef": { + "description": "The folder in which to create the sink. Only one of projectRef,\nfolderRef, or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `folderId` field of a `Folder` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "includeChildren": { + "description": "Immutable. Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.", + "type": "boolean" + }, + "organizationRef": { + "description": "The organization in which to create the sink. Only one of projectRef,\nfolderRef, or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `Organization` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project in which to create the sink. Only one of projectRef,\nfolderRef, or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "uniqueWriterIdentity": { + "description": "Whether or not to create a unique identity associated with this sink. If false (the default), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true, then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.", + "type": "boolean" + } + }, + "required": [ + "destination" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "writerIdentity": { + "description": "The identity associated with this sink. This identity must be granted write access to the configured destination.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/logging.cnrm.cloud.google.com/logginglogview_v1beta1.json b/logging.cnrm.cloud.google.com/logginglogview_v1beta1.json new file mode 100644 index 00000000..229f6c91 --- /dev/null +++ b/logging.cnrm.cloud.google.com/logginglogview_v1beta1.json @@ -0,0 +1,366 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "billingAccountRef" + ] + }, + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + }, + { + "required": [ + "projectRef" + ] + } + ], + "properties": { + "billingAccountRef": { + "description": "Immutable. The BillingAccount that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "bucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The bucket of the resource\n\nAllowed value: The Google Cloud resource name of a `LoggingLogBucket` resource (format: `{{parent}}/locations/{{location}}/buckets/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Describes this view.", + "type": "string" + }, + "filter": { + "description": "Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")", + "type": "string" + }, + "folderRef": { + "description": "Immutable. The Folder that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.", + "type": "string" + }, + "organizationRef": { + "description": "Immutable. The Organization that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`).", + "type": "string" + }, + "name": { + "description": "[WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to. Only one of [billingAccountRef, folderRef, organizationRef, projectRef] may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "bucketRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The creation timestamp of the view.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The last update timestamp of the view.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/memcache.cnrm.cloud.google.com/memcacheinstance_v1beta1.json b/memcache.cnrm.cloud.google.com/memcacheinstance_v1beta1.json new file mode 100644 index 00000000..926a5b2f --- /dev/null +++ b/memcache.cnrm.cloud.google.com/memcacheinstance_v1beta1.json @@ -0,0 +1,316 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "displayName": { + "description": "A user-visible name for the instance.", + "type": "string" + }, + "maintenancePolicy": { + "description": "Maintenance policy for an instance.", + "properties": { + "createTime": { + "description": "Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "description": { + "description": "Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "weeklyMaintenanceWindow": { + "description": "Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.", + "items": { + "properties": { + "day": { + "description": "Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"].", + "type": "string" + }, + "duration": { + "description": "Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "startTime": { + "description": "Required. Start time of the window in UTC time.", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "day", + "duration", + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "weeklyMaintenanceWindow" + ], + "type": "object", + "additionalProperties": false + }, + "memcacheParameters": { + "description": "Immutable. User-specified parameters for this memcache instance.", + "properties": { + "id": { + "description": "This is a unique ID associated with this set of parameters.", + "type": "string" + }, + "params": { + "additionalProperties": { + "type": "string" + }, + "description": "User-defined set of parameters to use in the memcache process.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "memcacheVersion": { + "description": "The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\"].", + "type": "string" + }, + "networkRef": { + "description": "The full name of the network to connect the instance to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/global/networks/{{value}}`, where {{value}} is the `name` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "nodeConfig": { + "description": "Immutable. Configuration for memcache nodes.", + "properties": { + "cpuCount": { + "description": "Number of CPUs per node.", + "type": "integer" + }, + "memorySizeMb": { + "description": "Memory size in Mebibytes for each memcache node.", + "type": "integer" + } + }, + "required": [ + "cpuCount", + "memorySizeMb" + ], + "type": "object", + "additionalProperties": false + }, + "nodeCount": { + "description": "Number of nodes in the memcache instance.", + "type": "integer" + }, + "region": { + "description": "Immutable. The region of the Memcache instance. If it is not provided, the provider region is used.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "zones": { + "description": "Immutable. Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "nodeConfig", + "nodeCount", + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Creation timestamp in RFC3339 text format.", + "type": "string" + }, + "discoveryEndpoint": { + "description": "Endpoint for Discovery API.", + "type": "string" + }, + "maintenanceSchedule": { + "description": "Output only. Published maintenance schedule.", + "items": { + "properties": { + "endTime": { + "description": "Output only. The end time of any upcoming scheduled maintenance for this instance.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "scheduleDeadlineTime": { + "description": "Output only. The deadline that the maintenance schedule start time\ncan not go beyond, including reschedule.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "startTime": { + "description": "Output only. The start time of any upcoming scheduled maintenance for this instance.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "memcacheFullVersion": { + "description": "The full version of memcached server running on this instance.", + "type": "string" + }, + "memcacheNodes": { + "description": "Additional information about the instance state, if available.", + "items": { + "properties": { + "host": { + "description": "Hostname or IP address of the Memcached node used by the clients to connect to the Memcached server on this node.", + "type": "string" + }, + "nodeId": { + "description": "Identifier of the Memcached node. The node id does not include project or location like the Memcached instance name.", + "type": "string" + }, + "port": { + "description": "The port number of the Memcached server on this node.", + "type": "integer" + }, + "state": { + "description": "Current state of the Memcached node.", + "type": "string" + }, + "zone": { + "description": "Location (GCP Zone) for the Memcached node.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringalertpolicy_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringalertpolicy_v1beta1.json new file mode 100644 index 00000000..f06d81c3 --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringalertpolicy_v1beta1.json @@ -0,0 +1,520 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "alertStrategy": { + "description": "Control over how this alert policy's notification channels are notified.", + "properties": { + "autoClose": { + "description": "If an alert policy that was active has no data for this long, any open incidents will close.", + "type": "string" + }, + "notificationChannelStrategy": { + "description": "Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.", + "items": { + "properties": { + "notificationChannelNames": { + "description": "The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'.", + "items": { + "type": "string" + }, + "type": "array" + }, + "renotifyInterval": { + "description": "The frequency at which to send reminder notifications for open incidents.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "notificationRateLimit": { + "description": "Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.", + "properties": { + "period": { + "description": "Not more than one notification per period.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "combiner": { + "description": "How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"].", + "type": "string" + }, + "conditions": { + "description": "A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.", + "items": { + "properties": { + "conditionAbsent": { + "description": "A condition that checks that a time series\ncontinues to receive new data points.", + "properties": { + "aggregations": { + "description": "Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.", + "items": { + "properties": { + "alignmentPeriod": { + "description": "The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"].", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "duration": { + "description": "The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.", + "type": "string" + }, + "filter": { + "description": "A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.", + "type": "string" + }, + "trigger": { + "description": "The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.", + "properties": { + "count": { + "description": "The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.", + "type": "integer" + }, + "percent": { + "description": "The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, + "conditionMatchedLog": { + "description": "A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.", + "properties": { + "filter": { + "description": "A logs-based filter.", + "type": "string" + }, + "labelExtractors": { + "additionalProperties": { + "type": "string" + }, + "description": "A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.", + "type": "object" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "conditionMonitoringQueryLanguage": { + "description": "A Monitoring Query Language query that outputs a boolean stream.", + "properties": { + "duration": { + "description": "The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.", + "type": "string" + }, + "evaluationMissingData": { + "description": "A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"].", + "type": "string" + }, + "query": { + "description": "Monitoring Query Language query that outputs a boolean stream.", + "type": "string" + }, + "trigger": { + "description": "The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.", + "properties": { + "count": { + "description": "The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.", + "type": "integer" + }, + "percent": { + "description": "The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "duration", + "query" + ], + "type": "object", + "additionalProperties": false + }, + "conditionPrometheusQueryLanguage": { + "description": "A Monitoring Query Language query that outputs a boolean stream\n\nA condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.", + "properties": { + "alertRule": { + "description": "The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.", + "type": "string" + }, + "duration": { + "description": "Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.", + "type": "string" + }, + "evaluationInterval": { + "description": "How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy.", + "type": "object" + }, + "query": { + "description": "The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.", + "type": "string" + }, + "ruleGroup": { + "description": "The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.", + "type": "string" + } + }, + "required": [ + "query" + ], + "type": "object", + "additionalProperties": false + }, + "conditionThreshold": { + "description": "A condition that compares a time series against a\nthreshold.", + "properties": { + "aggregations": { + "description": "Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.", + "items": { + "properties": { + "alignmentPeriod": { + "description": "The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"].", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "comparison": { + "description": "The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"].", + "type": "string" + }, + "denominatorAggregations": { + "description": "Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.", + "items": { + "properties": { + "alignmentPeriod": { + "description": "The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"].", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "denominatorFilter": { + "description": "A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.", + "type": "string" + }, + "duration": { + "description": "The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.", + "type": "string" + }, + "evaluationMissingData": { + "description": "A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"].", + "type": "string" + }, + "filter": { + "description": "A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.", + "type": "string" + }, + "forecastOptions": { + "description": "When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.", + "properties": { + "forecastHorizon": { + "description": "The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.", + "type": "string" + } + }, + "required": [ + "forecastHorizon" + ], + "type": "object", + "additionalProperties": false + }, + "thresholdValue": { + "description": "A value against which to compare the time\nseries.", + "type": "number" + }, + "trigger": { + "description": "The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.", + "properties": { + "count": { + "description": "The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.", + "type": "integer" + }, + "percent": { + "description": "The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "comparison", + "duration" + ], + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.", + "type": "string" + }, + "name": { + "description": "The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.", + "type": "string" + } + }, + "required": [ + "displayName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "displayName": { + "description": "A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.", + "type": "string" + }, + "documentation": { + "description": "Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.", + "properties": { + "content": { + "description": "The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.", + "type": "string" + }, + "mimeType": { + "description": "The format of the content field. Presently, only the value\n\"text/markdown\" is supported.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "enabled": { + "description": "Whether or not the policy is enabled. The default is true.", + "type": "boolean" + }, + "notificationChannels": { + "items": { + "description": "Identifies the notification channels to which notifications should be sent when incidents are opened or closed or when new violations occur on an already opened incident.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `MonitoringNotificationChannel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "combiner", + "conditions", + "displayName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationRecord": { + "description": "A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.", + "items": { + "properties": { + "mutateTime": { + "description": "When the change occurred.", + "type": "string" + }, + "mutatedBy": { + "description": "The email address of the user making the change.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID].", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringdashboard_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringdashboard_v1beta1.json new file mode 100644 index 00000000..74b4dced --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringdashboard_v1beta1.json @@ -0,0 +1,3198 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "columnLayout": { + "description": "The content is divided into equally spaced columns and the widgets are arranged vertically.", + "properties": { + "columns": { + "description": "The columns of content to display.", + "items": { + "properties": { + "weight": { + "description": "The relative weight of this column. The column weight is used to adjust the width of columns on the screen (relative to peers). Greater the weight, greater the width of the column on the screen. If omitted, a value of 1 is used while rendering.", + "format": "int64", + "type": "integer" + }, + "widgets": { + "description": "The display widgets arranged vertically in this column.", + "items": { + "properties": { + "blank": { + "description": "A blank space.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "logsPanel": { + "properties": { + "filter": { + "description": "A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.", + "type": "string" + }, + "resourceNames": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "scorecard": { + "description": "A scorecard summarizing time series data.", + "properties": { + "gaugeView": { + "description": "Will cause the scorecard to show a gauge chart.", + "properties": { + "lowerBound": { + "description": "The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.", + "format": "double", + "type": "number" + }, + "upperBound": { + "description": "The upper bound for this gauge chart. The value of the chart should always be less than or equal to this.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "sparkChartView": { + "description": "Will cause the scorecard to show a spark chart.", + "properties": { + "minAlignmentPeriod": { + "description": "The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint.", + "type": "string" + }, + "sparkChartType": { + "description": "Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR", + "type": "string" + } + }, + "required": [ + "sparkChartType" + ], + "type": "object", + "additionalProperties": false + }, + "thresholds": { + "description": "The thresholds used to determine the state of the scorecard given the time series' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: 'DANGER', trigger: 'ABOVE', },: { value: 70, category: 'WARNING', trigger: 'ABOVE', }, { value: 10, category: 'DANGER', trigger: 'BELOW', }, { value: 20, category: 'WARNING', trigger: 'BELOW', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "text": { + "description": "A raw string or markdown displaying textual content.", + "properties": { + "content": { + "description": "The text content to be displayed.", + "type": "string" + }, + "format": { + "description": "How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "title": { + "description": "Optional. The title of the widget.", + "type": "string" + }, + "xyChart": { + "description": "A chart of time series data.", + "properties": { + "chartOptions": { + "description": "Display options for the chart.", + "properties": { + "mode": { + "description": "The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dataSets": { + "description": "Required. The data displayed in this chart.", + "items": { + "properties": { + "legendTemplate": { + "description": "A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label's value. ", + "type": "string" + }, + "minAlignmentPeriod": { + "description": "Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals.", + "type": "string" + }, + "plotType": { + "description": "How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP", + "type": "string" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "thresholds": { + "description": "Threshold lines drawn horizontally across the chart.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeshiftDuration": { + "description": "The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type.", + "type": "string" + }, + "xAxis": { + "description": "The properties applied to the X axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "yAxis": { + "description": "The properties applied to the Y axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dataSets" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "Required. The mutable, human-readable name.", + "type": "string" + }, + "gridLayout": { + "description": "Content is arranged with a basic layout that re-flows a simple list of informational elements like widgets or tiles.", + "properties": { + "columns": { + "description": "The number of columns into which the view's width is divided. If omitted or set to zero, a system default will be used while rendering.", + "format": "int64", + "type": "integer" + }, + "widgets": { + "description": "The informational elements that are arranged into the columns row-first.", + "items": { + "properties": { + "blank": { + "description": "A blank space.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "logsPanel": { + "properties": { + "filter": { + "description": "A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.", + "type": "string" + }, + "resourceNames": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "scorecard": { + "description": "A scorecard summarizing time series data.", + "properties": { + "gaugeView": { + "description": "Will cause the scorecard to show a gauge chart.", + "properties": { + "lowerBound": { + "description": "The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.", + "format": "double", + "type": "number" + }, + "upperBound": { + "description": "The upper bound for this gauge chart. The value of the chart should always be less than or equal to this.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "sparkChartView": { + "description": "Will cause the scorecard to show a spark chart.", + "properties": { + "minAlignmentPeriod": { + "description": "The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint.", + "type": "string" + }, + "sparkChartType": { + "description": "Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR", + "type": "string" + } + }, + "required": [ + "sparkChartType" + ], + "type": "object", + "additionalProperties": false + }, + "thresholds": { + "description": "The thresholds used to determine the state of the scorecard given the time series' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: 'DANGER', trigger: 'ABOVE', },: { value: 70, category: 'WARNING', trigger: 'ABOVE', }, { value: 10, category: 'DANGER', trigger: 'BELOW', }, { value: 20, category: 'WARNING', trigger: 'BELOW', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "text": { + "description": "A raw string or markdown displaying textual content.", + "properties": { + "content": { + "description": "The text content to be displayed.", + "type": "string" + }, + "format": { + "description": "How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "title": { + "description": "Optional. The title of the widget.", + "type": "string" + }, + "xyChart": { + "description": "A chart of time series data.", + "properties": { + "chartOptions": { + "description": "Display options for the chart.", + "properties": { + "mode": { + "description": "The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dataSets": { + "description": "Required. The data displayed in this chart.", + "items": { + "properties": { + "legendTemplate": { + "description": "A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label's value. ", + "type": "string" + }, + "minAlignmentPeriod": { + "description": "Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals.", + "type": "string" + }, + "plotType": { + "description": "How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP", + "type": "string" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "thresholds": { + "description": "Threshold lines drawn horizontally across the chart.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeshiftDuration": { + "description": "The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type.", + "type": "string" + }, + "xAxis": { + "description": "The properties applied to the X axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "yAxis": { + "description": "The properties applied to the Y axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dataSets" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "mosaicLayout": { + "description": "The content is arranged as a grid of tiles, with each content widget occupying one or more tiles.", + "properties": { + "columns": { + "description": "The number of columns in the mosaic grid.", + "format": "int64", + "type": "integer" + }, + "tiles": { + "description": "The tiles to display.", + "items": { + "properties": { + "height": { + "description": "The height of the tile, measured in grid squares.", + "format": "int64", + "type": "integer" + }, + "widget": { + "description": "The informational widget contained in the tile.", + "properties": { + "blank": { + "description": "A blank space.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "logsPanel": { + "properties": { + "filter": { + "description": "A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.", + "type": "string" + }, + "resourceNames": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "scorecard": { + "description": "A scorecard summarizing time series data.", + "properties": { + "gaugeView": { + "description": "Will cause the scorecard to show a gauge chart.", + "properties": { + "lowerBound": { + "description": "The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.", + "format": "double", + "type": "number" + }, + "upperBound": { + "description": "The upper bound for this gauge chart. The value of the chart should always be less than or equal to this.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "sparkChartView": { + "description": "Will cause the scorecard to show a spark chart.", + "properties": { + "minAlignmentPeriod": { + "description": "The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint.", + "type": "string" + }, + "sparkChartType": { + "description": "Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR", + "type": "string" + } + }, + "required": [ + "sparkChartType" + ], + "type": "object", + "additionalProperties": false + }, + "thresholds": { + "description": "The thresholds used to determine the state of the scorecard given the time series' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: 'DANGER', trigger: 'ABOVE', },: { value: 70, category: 'WARNING', trigger: 'ABOVE', }, { value: 10, category: 'DANGER', trigger: 'BELOW', }, { value: 20, category: 'WARNING', trigger: 'BELOW', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "text": { + "description": "A raw string or markdown displaying textual content.", + "properties": { + "content": { + "description": "The text content to be displayed.", + "type": "string" + }, + "format": { + "description": "How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "title": { + "description": "Optional. The title of the widget.", + "type": "string" + }, + "xyChart": { + "description": "A chart of time series data.", + "properties": { + "chartOptions": { + "description": "Display options for the chart.", + "properties": { + "mode": { + "description": "The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dataSets": { + "description": "Required. The data displayed in this chart.", + "items": { + "properties": { + "legendTemplate": { + "description": "A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label's value. ", + "type": "string" + }, + "minAlignmentPeriod": { + "description": "Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals.", + "type": "string" + }, + "plotType": { + "description": "How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP", + "type": "string" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "thresholds": { + "description": "Threshold lines drawn horizontally across the chart.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeshiftDuration": { + "description": "The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type.", + "type": "string" + }, + "xAxis": { + "description": "The properties applied to the X axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "yAxis": { + "description": "The properties applied to the Y axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dataSets" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "width": { + "description": "The width of the tile, measured in grid squares.", + "format": "int64", + "type": "integer" + }, + "xPos": { + "description": "The zero-indexed position of the tile in grid squares relative to the left edge of the grid.", + "format": "int64", + "type": "integer" + }, + "yPos": { + "description": "The zero-indexed position of the tile in grid squares relative to the top edge of the grid.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project id of the resource.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rowLayout": { + "description": "The content is divided into equally spaced rows and the widgets are arranged horizontally.", + "properties": { + "rows": { + "description": "The rows of content to display.", + "items": { + "properties": { + "weight": { + "description": "The relative weight of this row. The row weight is used to adjust the height of rows on the screen (relative to peers). Greater the weight, greater the height of the row on the screen. If omitted, a value of 1 is used while rendering.", + "format": "int64", + "type": "integer" + }, + "widgets": { + "description": "The display widgets arranged horizontally in this row.", + "items": { + "properties": { + "blank": { + "description": "A blank space.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "logsPanel": { + "properties": { + "filter": { + "description": "A filter that chooses which log entries to return. See [Advanced Logs Queries](https://cloud.google.com/logging/docs/view/advanced-queries). Only log entries that match the filter are returned. An empty filter matches all log entries.", + "type": "string" + }, + "resourceNames": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "scorecard": { + "description": "A scorecard summarizing time series data.", + "properties": { + "gaugeView": { + "description": "Will cause the scorecard to show a gauge chart.", + "properties": { + "lowerBound": { + "description": "The lower bound for this gauge chart. The value of the chart should always be greater than or equal to this.", + "format": "double", + "type": "number" + }, + "upperBound": { + "description": "The upper bound for this gauge chart. The value of the chart should always be less than or equal to this.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "sparkChartView": { + "description": "Will cause the scorecard to show a spark chart.", + "properties": { + "minAlignmentPeriod": { + "description": "The lower bound on data point frequency in the chart implemented by specifying the minimum alignment period to use in a time series query. For example, if the data is published once every 10 minutes it would not make sense to fetch and align data at one minute intervals. This field is optional and exists only as a hint.", + "type": "string" + }, + "sparkChartType": { + "description": "Required. The type of sparkchart to show in this chartView. Possible values: SPARK_CHART_TYPE_UNSPECIFIED, SPARK_LINE, SPARK_BAR", + "type": "string" + } + }, + "required": [ + "sparkChartType" + ], + "type": "object", + "additionalProperties": false + }, + "thresholds": { + "description": "The thresholds used to determine the state of the scorecard given the time series' current value. For an actual value x, the scorecard is in a danger state if x is less than or equal to a danger threshold that triggers below, or greater than or equal to a danger threshold that triggers above. Similarly, if x is above/below a warning threshold that triggers above/below, then the scorecard is in a warning state - unless x also puts it in a danger state. (Danger trumps warning.) As an example, consider a scorecard with the following four thresholds: { value: 90, category: 'DANGER', trigger: 'ABOVE', },: { value: 70, category: 'WARNING', trigger: 'ABOVE', }, { value: 10, category: 'DANGER', trigger: 'BELOW', }, { value: 20, category: 'WARNING', trigger: 'BELOW', } Then: values less than or equal to 10 would put the scorecard in a DANGER state, values greater than 10 but less than or equal to 20 a WARNING state, values strictly between 20 and 70 an OK state, values greater than or equal to 70 but less than 90 a WARNING state, and values greater than or equal to 90 a DANGER state.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "text": { + "description": "A raw string or markdown displaying textual content.", + "properties": { + "content": { + "description": "The text content to be displayed.", + "type": "string" + }, + "format": { + "description": "How the text content is formatted. Possible values: FORMAT_UNSPECIFIED, MARKDOWN, RAW", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "title": { + "description": "Optional. The title of the widget.", + "type": "string" + }, + "xyChart": { + "description": "A chart of time series data.", + "properties": { + "chartOptions": { + "description": "Display options for the chart.", + "properties": { + "mode": { + "description": "The chart mode. Possible values: MODE_UNSPECIFIED, COLOR, X_RAY, STATS", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dataSets": { + "description": "Required. The data displayed in this chart.", + "items": { + "properties": { + "legendTemplate": { + "description": "A template string for naming `TimeSeries` in the resulting data set. This should be a string with interpolations of the form `${label_name}`, which will resolve to the label's value. ", + "type": "string" + }, + "minAlignmentPeriod": { + "description": "Optional. The lower bound on data point frequency for this data set, implemented by specifying the minimum alignment period to use in a time series query For example, if the data is published once every 10 minutes, the `min_alignment_period` should be at least 10 minutes. It would not make sense to fetch and align data at one minute intervals.", + "type": "string" + }, + "plotType": { + "description": "How this data should be plotted on the chart. Possible values: PLOT_TYPE_UNSPECIFIED, LINE, STACKED_AREA, STACKED_BAR, HEATMAP", + "type": "string" + }, + "timeSeriesQuery": { + "description": "Required. Fields for querying time series data from the Stackdriver metrics API.", + "properties": { + "timeSeriesFilter": { + "description": "Filter parameters to fetch time series.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after `aggregation` is applied.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "timeSeriesFilterRatio": { + "description": "Parameters to fetch a ratio between two time series filters.", + "properties": { + "denominator": { + "description": "The denominator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "numerator": { + "description": "The numerator of the ratio.", + "properties": { + "aggregation": { + "description": "By default, the raw time series data is returned. Use this field to combine multiple time series for different views of the data.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Required. The [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) that identifies the metric types, resources, and projects to query.", + "type": "string" + } + }, + "required": [ + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "pickTimeSeriesFilter": { + "description": "Ranking based time series filter.", + "properties": { + "direction": { + "description": "How to use the ranking to select time series that pass through the filter. Possible values: DIRECTION_UNSPECIFIED, TOP, BOTTOM", + "type": "string" + }, + "numTimeSeries": { + "description": "How many time series to allow to pass through the filter.", + "format": "int64", + "type": "integer" + }, + "rankingMethod": { + "description": "`ranking_method` is applied to each time series independently to produce the value which will be used to compare the time series to other time series. Possible values: METHOD_UNSPECIFIED, METHOD_MEAN, METHOD_MAX, METHOD_MIN, METHOD_SUM, METHOD_LATEST", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secondaryAggregation": { + "description": "Apply a second aggregation after the ratio is computed.", + "properties": { + "alignmentPeriod": { + "description": "The `alignment_period` specifies a time interval, in seconds, that is used to divide the data in all the [time series][google.monitoring.v3.TimeSeries] into consistent blocks of time. This will be done before the per-series aligner can be applied to the data. The value must be at least 60 seconds. If a per-series aligner other than `ALIGN_NONE` is specified, this field is required or an error is returned. If no per-series aligner is specified, or the aligner `ALIGN_NONE` is specified, then this field is ignored.", + "type": "string" + }, + "crossSeriesReducer": { + "description": "The reduction operation to be used to combine time series into a single time series, where the value of each data point in the resulting series is a function of all the already aligned values in the input time series. Not all reducer operations can be applied to all time series. The valid choices depend on the `metric_kind` and the `value_type` of the original time series. Reduction can yield a time series with a different `metric_kind` or `value_type` than the input time series. Time series data must first be aligned (see `per_series_aligner`) in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified, and must not be `ALIGN_NONE`. An `alignment_period` must also be specified; otherwise, an error is returned. Possible values: REDUCE_NONE, REDUCE_MEAN, REDUCE_MIN, REDUCE_MAX, REDUCE_SUM, REDUCE_STDDEV, REDUCE_COUNT, REDUCE_COUNT_TRUE, REDUCE_COUNT_FALSE, REDUCE_FRACTION_TRUE, REDUCE_PERCENTILE_99, REDUCE_PERCENTILE_95, REDUCE_PERCENTILE_50, REDUCE_PERCENTILE_05, REDUCE_FRACTION_LESS_THAN, REDUCE_MAKE_DISTRIBUTION", + "type": "string" + }, + "groupByFields": { + "description": "The set of fields to preserve when `cross_series_reducer` is specified. The `group_by_fields` determine how the time series are partitioned into subsets prior to applying the aggregation operation. Each subset contains time series that have the same value for each of the grouping fields. Each individual time series is a member of exactly one subset. The `cross_series_reducer` is applied to each subset of time series. It is not possible to reduce across different resource types, so this field implicitly contains `resource.type`. Fields not specified in `group_by_fields` are aggregated away. If `group_by_fields` is not specified and all the time series have the same resource type, then the time series are aggregated into a single output time series. If `cross_series_reducer` is not defined, this field is ignored.", + "items": { + "type": "string" + }, + "type": "array" + }, + "perSeriesAligner": { + "description": "An `Aligner` describes how to bring the data points in a single time series into temporal alignment. Except for `ALIGN_NONE`, all alignments cause all the data points in an `alignment_period` to be mathematically grouped together, resulting in a single data point for each `alignment_period` with end timestamp at the end of the period. Not all alignment operations may be applied to all time series. The valid choices depend on the `metric_kind` and `value_type` of the original time series. Alignment can change the `metric_kind` or the `value_type` of the time series. Time series data must be aligned in order to perform cross-time series reduction. If `cross_series_reducer` is specified, then `per_series_aligner` must be specified and not equal to `ALIGN_NONE` and `alignment_period` must be specified; otherwise, an error is returned.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeriesQueryLanguage": { + "description": "A query used to fetch time series.", + "type": "string" + }, + "unitOverride": { + "description": "The unit of data contained in fetched time series. If non-empty, this unit will override any unit that accompanies fetched data. The format is the same as the [`unit`](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors) field in `MetricDescriptor`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "timeSeriesQuery" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "thresholds": { + "description": "Threshold lines drawn horizontally across the chart.", + "items": { + "properties": { + "color": { + "description": "The state color for this threshold. Color is not allowed in a XyChart. Possible values: COLOR_UNSPECIFIED, GREY, BLUE, GREEN, YELLOW, ORANGE, RED", + "type": "string" + }, + "direction": { + "description": "The direction for the current threshold. Direction is not allowed in a XyChart. Possible values: DIRECTION_UNSPECIFIED, ABOVE, BELOW", + "type": "string" + }, + "label": { + "description": "A label for the threshold.", + "type": "string" + }, + "value": { + "description": "The value of the threshold. The value should be defined in the native scale of the metric.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "timeshiftDuration": { + "description": "The duration used to display a comparison chart. A comparison chart simultaneously shows values from two similar-length time periods (e.g., week-over-week metrics). The duration must be positive, and it can only be applied to charts with data sets of LINE plot type.", + "type": "string" + }, + "xAxis": { + "description": "The properties applied to the X axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "yAxis": { + "description": "The properties applied to the Y axis.", + "properties": { + "label": { + "description": "The label of the axis.", + "type": "string" + }, + "scale": { + "description": "The axis scale. By default, a linear scale is used. Possible values: SCALE_UNSPECIFIED, LINEAR, LOG10", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dataSets" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "displayName", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "etag": { + "description": "\\`etag\\` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. An \\`etag\\` is returned in the response to \\`GetDashboard\\`, and users are expected to put that etag in the request to \\`UpdateDashboard\\` to ensure that their change will be applied to the same version of the Dashboard configuration. The field should not be passed during dashboard creation.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringgroup_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringgroup_v1beta1.json new file mode 100644 index 00000000..93776bea --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringgroup_v1beta1.json @@ -0,0 +1,184 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "displayName": { + "description": "A user-assigned name for this group, used only for display purposes.", + "type": "string" + }, + "filter": { + "description": "The filter used to determine which monitored resources belong to this group.", + "type": "string" + }, + "isCluster": { + "description": "If true, the members of this group are considered to be a cluster. The system can perform additional analysis on groups that are clusters.", + "type": "boolean" + }, + "parentRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``.\n\nAllowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project of the group\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "displayName", + "filter" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringmetricdescriptor_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringmetricdescriptor_v1beta1.json new file mode 100644 index 00000000..3f4f1abb --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringmetricdescriptor_v1beta1.json @@ -0,0 +1,201 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Immutable. A detailed description of the metric, which can be used in documentation.", + "type": "string" + }, + "displayName": { + "description": "Immutable. A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\". This field is optional but it is recommended to be set for any metrics associated with user-visible concepts, such as Quota.", + "type": "string" + }, + "labels": { + "description": "Immutable. The set of labels that can be used to describe a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` metric type has a label for the HTTP response code, `response_code`, so you can look at latencies for successful responses or just for responses that failed.", + "items": { + "properties": { + "description": { + "description": "Immutable. A human-readable description for the label.", + "type": "string" + }, + "key": { + "description": "Immutable. The key for this label. The key must meet the following criteria: * Does not exceed 100 characters. * Matches the following regular expression: `a-zA-Z*` * The first character must be an upper- or lower-case letter. * The remaining characters must be letters, digits, or underscores.", + "type": "string" + }, + "valueType": { + "description": "Immutable. The type of data that can be assigned to the label. Possible values: STRING, BOOL, INT64", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "launchStage": { + "description": "Immutable. Optional. The launch stage of the metric definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED", + "type": "string" + }, + "metadata": { + "description": "Immutable. Optional. Metadata which can be used to guide usage of the metric.", + "properties": { + "ingestDelay": { + "description": "Immutable. The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors.", + "type": "string" + }, + "launchStage": { + "description": "Immutable. Deprecated. Must use the MetricDescriptor.launch_stage instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED", + "type": "string" + }, + "samplePeriod": { + "description": "Immutable. The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "metricKind": { + "description": "Immutable. Whether the metric records instantaneous values, changes to a value, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, GAUGE, DELTA, CUMULATIVE", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. The metric type, including its DNS name prefix. The type is not URL-encoded. All user-defined metric types have the DNS name `custom.googleapis.com` or `external.googleapis.com`. Metric types should use a natural hierarchical grouping. For example: \"custom.googleapis.com/invoice/paid/amount\" \"external.googleapis.com/prometheus/up\" \"appengine.googleapis.com/http/server/response_latencies\"", + "type": "string" + }, + "unit": { + "description": "Immutable. The units in which the metric value is reported. It is only applicable if the `value_type` is `INT64`, `DOUBLE`, or `DISTRIBUTION`. The `unit` defines the representation of the stored metric values. Different systems might scale the values to be more easily displayed (so a value of `0.02kBy` _might_ be displayed as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). However, if the `unit` is `kBy`, then the value of the metric is always in thousands of bytes, no matter how it might be displayed. If you want a custom metric to record the exact number of CPU-seconds used by a job, you can create an `INT64 CUMULATIVE` metric whose `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the job uses 12,005 CPU-seconds, then the value is written as `12005`. Alternatively, if you want a custom metric to record data in a more granular way, you can create a `DOUBLE CUMULATIVE` metric whose `unit` is `ks{CPU}`, and then write the value `12.005` (which is `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). The supported units are a subset of [The Unified Code for Units of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) **Grammar** The grammar also includes these connectors: * `/` division or ratio (as an infix operator). For examples, `kBy/{email}` or `MiBy/10ms` (although you should almost never have `/s` in a metric `unit`; rates should always be computed at query time from the underlying cumulative or delta value). * `.` multiplication or composition (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The grammar for a unit is as follows: Expression = Component: { \".\" Component } { \"/\" Component } ; Component = ( [ PREFIX ] UNIT | \"%\" ) [ Annotation ] | Annotation | \"1\" ; Annotation = \"{\" NAME \"}\" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. If the annotation is used alone, then the unit is equivalent to `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. * `NAME` is a sequence of non-blank printable ASCII characters not containing `{` or `}`. * `1` represents a unitary [dimensionless unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, such as in `1/s`. It is typically used when none of the basic units are appropriate. For example, \"new users per day\" can be represented as `1/d` or `{new-users}/d` (and a metric value `5` would mean \"5 new users). Alternatively, \"thousands of page views per day\" would be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a metric value of `5.3` would mean \"5300 page views per day\"). * `%` represents dimensionless value of 1/100, and annotates values giving a percentage (so the metric values are typically in the range of 0..100, and a metric value `3` means \"3 percent\"). * `10^2.%` indicates a metric contains a ratio, typically in the range 0..1, that will be multiplied by 100 and displayed as a percentage (so a metric value `0.03` means \"3 percent\").", + "type": "string" + }, + "valueType": { + "description": "Immutable. Whether the measurement is an integer, a floating-point number, etc. Some combinations of `metric_kind` and `value_type` might not be supported. Possible values: STRING, BOOL, INT64", + "type": "string" + } + }, + "required": [ + "metricKind", + "projectRef", + "type", + "valueType" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "monitoredResourceTypes": { + "description": "Read-only. If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here.", + "items": { + "type": "string" + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The resource name of the metric descriptor.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringmonitoredproject_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringmonitoredproject_v1beta1.json new file mode 100644 index 00000000..9ab67163 --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringmonitoredproject_v1beta1.json @@ -0,0 +1,81 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "metricsScope": { + "description": "Immutable. Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "metricsScope" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time when this `MonitoredProject` was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringnotificationchannel_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringnotificationchannel_v1beta1.json new file mode 100644 index 00000000..d77f0eba --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringnotificationchannel_v1beta1.json @@ -0,0 +1,286 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.", + "type": "string" + }, + "enabled": { + "description": "Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.", + "type": "boolean" + }, + "forceDelete": { + "description": "If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.", + "type": "boolean" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "sensitiveLabels": { + "description": "Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.", + "properties": { + "authToken": { + "description": "An authorization token for a notification channel. Channel types that support this field include: slack.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "password": { + "description": "An password for a notification channel. Channel types that support this field include: webhook_basicauth.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceKey": { + "description": "An servicekey token for a notification channel. Channel types that support this field include: pagerduty.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "verificationStatus": { + "description": "Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringservice_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringservice_v1beta1.json new file mode 100644 index 00000000..057ecee2 --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringservice_v1beta1.json @@ -0,0 +1,137 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "displayName": { + "description": "Name used for UI elements listing this Service.", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "telemetry": { + "description": "Configuration for how to query telemetry on a Service.", + "properties": { + "resourceName": { + "description": "The full name of the resource that defines this service. Formatted as described in https://cloud.google.com/apis/design/resource_names.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringservicelevelobjective_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringservicelevelobjective_v1beta1.json new file mode 100644 index 00000000..d31ec9e9 --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringservicelevelobjective_v1beta1.json @@ -0,0 +1,539 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "calendarPeriod": { + "description": "A calendar period, semantically \"since the start of the current ``\". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR", + "type": "string" + }, + "displayName": { + "description": "Name used for UI elements listing this SLO.", + "type": "string" + }, + "goal": { + "description": "The fraction of service that must be good in order for this objective to be met. `0 < goal <= 0.999`.", + "format": "double", + "type": "number" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rollingPeriod": { + "description": "A rolling time period, semantically \"in the past ``\". Must be an integer multiple of 1 day no larger than 30 days.", + "type": "string" + }, + "serviceLevelIndicator": { + "description": "The definition of good service, used to measure and calculate the quality of the `Service`'s performance with respect to a single aspect of service quality.", + "properties": { + "basicSli": { + "description": "Basic SLI on a well-known service type.", + "properties": { + "availability": { + "description": "Good service is defined to be the count of requests made to this service that return successfully.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "latency": { + "description": "Good service is defined to be the count of requests made to this service that are fast enough with respect to `latency.threshold`.", + "properties": { + "experience": { + "description": "A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING", + "type": "string" + }, + "threshold": { + "description": "Good service is defined to be the count of requests made to this service that return in no more than `threshold`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "OPTIONAL: The set of locations to which this SLI is relevant. Telemetry from other locations will not be used to calculate performance for this SLI. If omitted, this SLI applies to all locations in which the Service has activity. For service types that don't support breaking down by location, setting this field will result in an error.", + "items": { + "type": "string" + }, + "type": "array" + }, + "method": { + "description": "OPTIONAL: The set of RPCs to which this SLI is relevant. Telemetry from other methods will not be used to calculate performance for this SLI. If omitted, this SLI applies to all the Service's methods. For service types that don't support breaking down by method, setting this field will result in an error.", + "items": { + "type": "string" + }, + "type": "array" + }, + "operationAvailability": { + "description": "Good service is defined to be the count of operations performed by this service that return successfully", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operationLatency": { + "description": "Good service is defined to be the count of operations performed by this service that are fast enough with respect to `operation_latency.threshold`.", + "properties": { + "experience": { + "description": "A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING", + "type": "string" + }, + "threshold": { + "description": "Good service is defined to be the count of operations that are completed in no more than `threshold`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "version": { + "description": "OPTIONAL: The set of API versions to which this SLI is relevant. Telemetry from other API versions will not be used to calculate performance for this SLI. If omitted, this SLI applies to all API versions. For service types that don't support breaking down by version, setting this field will result in an error.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "requestBased": { + "description": "Request-based SLIs", + "properties": { + "distributionCut": { + "description": "`distribution_cut` is used when `good_service` is a count of values aggregated in a `Distribution` that fall into a good range. The `total_service` is the total count of all values aggregated in the `Distribution`.", + "properties": { + "distributionFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` aggregating values. Must have `ValueType = DISTRIBUTION` and `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + }, + "range": { + "description": "Range of values considered \"good.\" For a one-sided range, set one bound to an infinite value.", + "properties": { + "max": { + "description": "Range maximum.", + "format": "double", + "type": "number" + }, + "min": { + "description": "Range minimum.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "goodTotalRatio": { + "description": "`good_total_ratio` is used when the ratio of `good_service` to `total_service` is computed from two `TimeSeries`.", + "properties": { + "badServiceFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying bad service, either demanded service that was not provided or demanded service that was of inadequate quality. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + }, + "goodServiceFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying good service provided. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + }, + "totalServiceFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying total demanded service. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "windowsBased": { + "description": "Windows-based SLIs", + "properties": { + "goodBadMetricFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` with `ValueType = BOOL`. The window is good if any `true` values appear in the window.", + "type": "string" + }, + "goodTotalRatioThreshold": { + "description": "A window is good if its `performance` is high enough.", + "properties": { + "basicSliPerformance": { + "description": "`BasicSli` to evaluate to judge window quality.", + "properties": { + "availability": { + "description": "Good service is defined to be the count of requests made to this service that return successfully.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "latency": { + "description": "Good service is defined to be the count of requests made to this service that are fast enough with respect to `latency.threshold`.", + "properties": { + "experience": { + "description": "A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING", + "type": "string" + }, + "threshold": { + "description": "Good service is defined to be the count of requests made to this service that return in no more than `threshold`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "OPTIONAL: The set of locations to which this SLI is relevant. Telemetry from other locations will not be used to calculate performance for this SLI. If omitted, this SLI applies to all locations in which the Service has activity. For service types that don't support breaking down by location, setting this field will result in an error.", + "items": { + "type": "string" + }, + "type": "array" + }, + "method": { + "description": "OPTIONAL: The set of RPCs to which this SLI is relevant. Telemetry from other methods will not be used to calculate performance for this SLI. If omitted, this SLI applies to all the Service's methods. For service types that don't support breaking down by method, setting this field will result in an error.", + "items": { + "type": "string" + }, + "type": "array" + }, + "operationAvailability": { + "description": "Good service is defined to be the count of operations performed by this service that return successfully", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "operationLatency": { + "description": "Good service is defined to be the count of operations performed by this service that are fast enough with respect to `operation_latency.threshold`.", + "properties": { + "experience": { + "description": "A description of the experience associated with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, SATISFYING, ANNOYING", + "type": "string" + }, + "threshold": { + "description": "Good service is defined to be the count of operations that are completed in no more than `threshold`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "version": { + "description": "OPTIONAL: The set of API versions to which this SLI is relevant. Telemetry from other API versions will not be used to calculate performance for this SLI. If omitted, this SLI applies to all API versions. For service types that don't support breaking down by version, setting this field will result in an error.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "performance": { + "description": "`RequestBasedSli` to evaluate to judge window quality.", + "properties": { + "distributionCut": { + "description": "`distribution_cut` is used when `good_service` is a count of values aggregated in a `Distribution` that fall into a good range. The `total_service` is the total count of all values aggregated in the `Distribution`.", + "properties": { + "distributionFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` aggregating values. Must have `ValueType = DISTRIBUTION` and `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + }, + "range": { + "description": "Range of values considered \"good.\" For a one-sided range, set one bound to an infinite value.", + "properties": { + "max": { + "description": "Range maximum.", + "format": "double", + "type": "number" + }, + "min": { + "description": "Range minimum.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "goodTotalRatio": { + "description": "`good_total_ratio` is used when the ratio of `good_service` to `total_service` is computed from two `TimeSeries`.", + "properties": { + "badServiceFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying bad service, either demanded service that was not provided or demanded service that was of inadequate quality. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + }, + "goodServiceFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying good service provided. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + }, + "totalServiceFilter": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying a `TimeSeries` quantifying total demanded service. Must have `ValueType = DOUBLE` or `ValueType = INT64` and must have `MetricKind = DELTA` or `MetricKind = CUMULATIVE`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "threshold": { + "description": "If window `performance >= threshold`, the window is counted as good.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "metricMeanInRange": { + "description": "A window is good if the metric's value is in a good range, averaged across returned streams.", + "properties": { + "range": { + "description": "Range of values considered \"good.\" For a one-sided range, set one bound to an infinite value.", + "properties": { + "max": { + "description": "Range maximum.", + "format": "double", + "type": "number" + }, + "min": { + "description": "Range minimum.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeries": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying the `TimeSeries` to use for evaluating window quality.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "metricSumInRange": { + "description": "A window is good if the metric's value is in a good range, summed across returned streams.", + "properties": { + "range": { + "description": "Range of values considered \"good.\" For a one-sided range, set one bound to an infinite value.", + "properties": { + "max": { + "description": "Range maximum.", + "format": "double", + "type": "number" + }, + "min": { + "description": "Range minimum.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeSeries": { + "description": "A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) specifying the `TimeSeries` to use for evaluating window quality.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "windowPeriod": { + "description": "Duration over which window quality is evaluated. Must be an integer fraction of a day and at least `60s`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The service for the resource\n\nAllowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "goal", + "projectRef", + "serviceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time stamp of the `Create` or most recent `Update` command on this `Slo`.", + "format": "date-time", + "type": "string" + }, + "deleteTime": { + "description": "Time stamp of the `Update` or `Delete` command that made this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, because it is always empty in the current version. It is populated in `ServiceLevelObjective`s representing previous versions in the output of `ListServiceLevelObjectiveVersions`. Because all old configuration versions are stored, `Update` operations mark the obsoleted version as deleted.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "serviceManagementOwned": { + "description": "Output only. If set, this SLO is managed at the [Service Management](https://cloud.google.com/service-management/overview) level. Therefore the service yaml file is the source of truth for this SLO, and API `Update` and `Delete` operations are forbidden.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/monitoring.cnrm.cloud.google.com/monitoringuptimecheckconfig_v1beta1.json b/monitoring.cnrm.cloud.google.com/monitoringuptimecheckconfig_v1beta1.json new file mode 100644 index 00000000..23717d47 --- /dev/null +++ b/monitoring.cnrm.cloud.google.com/monitoringuptimecheckconfig_v1beta1.json @@ -0,0 +1,380 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "contentMatchers": { + "description": "The content that is expected to appear in the data returned by the target server against which the check is run. Currently, only the first entry in the `content_matchers` list is supported, and additional entries will be ignored. This field is optional and should only be specified if a content match is required as part of the/ Uptime check.", + "items": { + "properties": { + "content": { + "type": "string" + }, + "matcher": { + "description": " Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX", + "type": "string" + } + }, + "required": [ + "content" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "displayName": { + "description": "A human-friendly name for the Uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced. Required.", + "type": "string" + }, + "httpCheck": { + "description": "Contains information needed to make an HTTP or HTTPS check.", + "properties": { + "authInfo": { + "description": "The authentication information. Optional when creating an HTTP check; defaults to empty.", + "properties": { + "password": { + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "type": "string" + } + }, + "required": [ + "password", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "body": { + "description": "The request body associated with the HTTP POST request. If `content_type` is `URL_ENCODED`, the body passed in must be URL-encoded. Users can provide a `Content-Length` header via the `headers` field or the API will do so. If the `request_method` is `GET` and `body` is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note: As with all `bytes` fields JSON representations are base64 encoded. e.g.: \"foo=bar\" in URL-encoded form is \"foo%3Dbar\" and in base64 encoding is \"Zm9vJTI1M0RiYXI=\".", + "type": "string" + }, + "contentType": { + "description": "Immutable. The content type to use for the check. Possible values: TYPE_UNSPECIFIED, URL_ENCODED", + "type": "string" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "The list of headers to send as part of the Uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt (page 31). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.", + "type": "object" + }, + "maskHeaders": { + "description": "Immutable. Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if `mask_headers` is set to `true` then the headers will be obscured with `******.`", + "type": "boolean" + }, + "path": { + "description": "Optional (defaults to \"/\"). The path to the page against which to run the check. Will be combined with the `host` (specified within the `monitored_resource`) and `port` to construct the full URL. If the provided path does not begin with \"/\", a \"/\" will be prepended automatically.", + "type": "string" + }, + "port": { + "description": "Optional (defaults to 80 when `use_ssl` is `false`, and 443 when `use_ssl` is `true`). The TCP port on the HTTP server against which to run the check. Will be combined with host (specified within the `monitored_resource`) and `path` to construct the full URL.", + "format": "int64", + "type": "integer" + }, + "requestMethod": { + "description": "Immutable. The HTTP request method to use for the check. If set to `METHOD_UNSPECIFIED` then `request_method` defaults to `GET`.", + "type": "string" + }, + "useSsl": { + "description": "If `true`, use HTTPS instead of HTTP to run the check.", + "type": "boolean" + }, + "validateSsl": { + "description": "Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where `monitored_resource` is set to `uptime_url`. If `use_ssl` is `false`, setting `validate_ssl` to `true` has no effect.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "monitoredResource": { + "description": "Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) associated with the configuration. The following monitored resource types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`", + "properties": { + "filterLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable.", + "type": "object" + }, + "type": { + "description": "Immutable.", + "type": "string" + } + }, + "required": [ + "filterLabels", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "period": { + "description": "How often, in seconds, the Uptime check is performed. Currently, the only supported values are `60s` (1 minute), `300s` (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, defaults to `60s`.", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for this uptime check config.\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceGroup": { + "description": "Immutable. The group resource associated with the configuration.", + "properties": { + "groupRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`.\n\nAllowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceType": { + "description": "Immutable. The resource type of the group members. Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "selectedRegions": { + "description": "The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions must be provided to include a minimum of 3 locations. Not specifying this field will result in Uptime checks running from all available regions.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tcpCheck": { + "description": "Contains information needed to make a TCP check.", + "properties": { + "port": { + "description": "The TCP port on the server against which to run the check. Will be combined with host (specified within the `monitored_resource`) to construct the full URL. Required.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). Required.", + "type": "string" + } + }, + "required": [ + "displayName", + "projectRef", + "timeout" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkconnectivity.cnrm.cloud.google.com/networkconnectivityhub_v1beta1.json b/networkconnectivity.cnrm.cloud.google.com/networkconnectivityhub_v1beta1.json new file mode 100644 index 00000000..c3f0a2b2 --- /dev/null +++ b/networkconnectivity.cnrm.cloud.google.com/networkconnectivityhub_v1beta1.json @@ -0,0 +1,158 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "An optional description of the hub.", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time the hub was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "routingVpcs": { + "description": "The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.", + "items": { + "properties": { + "uri": { + "description": "The URI of the VPC network.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "state": { + "description": "Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING", + "type": "string" + }, + "uniqueId": { + "description": "Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time the hub was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkconnectivity.cnrm.cloud.google.com/networkconnectivityspoke_v1beta1.json b/networkconnectivity.cnrm.cloud.google.com/networkconnectivityspoke_v1beta1.json new file mode 100644 index 00000000..24d01951 --- /dev/null +++ b/networkconnectivity.cnrm.cloud.google.com/networkconnectivityspoke_v1beta1.json @@ -0,0 +1,482 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "An optional description of the spoke.", + "type": "string" + }, + "hubRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Immutable. The URI of the hub that this spoke is attached to.\n\nAllowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "linkedInterconnectAttachments": { + "description": "Immutable. A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.", + "properties": { + "siteToSiteDataTransfer": { + "description": "Immutable. A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.", + "type": "boolean" + }, + "uris": { + "description": "Immutable.", + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "siteToSiteDataTransfer", + "uris" + ], + "type": "object", + "additionalProperties": false + }, + "linkedRouterApplianceInstances": { + "description": "Immutable. The URIs of linked Router appliance resources", + "properties": { + "instances": { + "description": "Immutable. The list of router appliance instances", + "items": { + "properties": { + "ipAddress": { + "description": "Immutable. The IP address on the VM to use for peering.", + "type": "string" + }, + "virtualMachineRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URI of the virtual machine resource\n\nAllowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "siteToSiteDataTransfer": { + "description": "Immutable. A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.", + "type": "boolean" + } + }, + "required": [ + "instances", + "siteToSiteDataTransfer" + ], + "type": "object", + "additionalProperties": false + }, + "linkedVPCNetwork": { + "description": "Immutable. VPC network that is associated with the spoke.", + "properties": { + "excludeExportRanges": { + "description": "Immutable. IP ranges encompassing the subnets to be excluded from peering.", + "items": { + "type": "string" + }, + "type": "array" + }, + "uriRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URI of the VPC network resource.\n\nAllowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "uriRef" + ], + "type": "object", + "additionalProperties": false + }, + "linkedVpnTunnels": { + "description": "Immutable. The URIs of linked VPN tunnel resources", + "properties": { + "siteToSiteDataTransfer": { + "description": "Immutable. A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.", + "type": "boolean" + }, + "uris": { + "description": "Immutable.", + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeVPNTunnel` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "siteToSiteDataTransfer", + "uris" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "hubRef", + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time the spoke was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING", + "type": "string" + }, + "uniqueId": { + "description": "Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time the spoke was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networksecurity.cnrm.cloud.google.com/networksecurityauthorizationpolicy_v1beta1.json b/networksecurity.cnrm.cloud.google.com/networksecurityauthorizationpolicy_v1beta1.json new file mode 100644 index 00000000..5585e053 --- /dev/null +++ b/networksecurity.cnrm.cloud.google.com/networksecurityauthorizationpolicy_v1beta1.json @@ -0,0 +1,235 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "action": { + "description": "Required. The action to take when a rule match is found. Possible values are \"ALLOW\" or \"DENY\". Possible values: ACTION_UNSPECIFIED, ALLOW, DENY", + "type": "string" + }, + "description": { + "description": "Optional. Free-text description of the resource.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rules": { + "description": "Optional. List of rules to match. If not set, the action specified in the \u2018action\u2019 field will be applied without any additional rule checks.", + "items": { + "properties": { + "destinations": { + "description": "Optional. List of attributes for the traffic destination. If not set, the action specified in the \u2018action\u2019 field will be applied without any rule checks for the destination.", + "items": { + "properties": { + "hosts": { + "description": "Required. List of host names to match. Matched against HOST header in http requests. Each host can be an exact match, or a prefix match (example, \u201cmydomain.*\u201d) or a suffix match (example, *.myorg.com\u201d) or a presence(any) match \u201c*\u201d.", + "items": { + "type": "string" + }, + "type": "array" + }, + "httpHeaderMatch": { + "description": "Optional. Match against key:value pair in http header. Provides a flexible match based on HTTP headers, for potentially advanced use cases.", + "properties": { + "headerName": { + "description": "Required. The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name \":authority\". For matching a request's method, use the headerName \":method\".", + "type": "string" + }, + "regexMatch": { + "description": "Required. The value of the header must match the regular expression specified in regexMatch. For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript For matching against a port specified in the HTTP request, use a headerMatch with headerName set to Host and a regular expression that satisfies the RFC2616 Host header's port specifier.", + "type": "string" + } + }, + "required": [ + "headerName", + "regexMatch" + ], + "type": "object", + "additionalProperties": false + }, + "methods": { + "description": "Optional. A list of HTTP methods to match. Should not be set for gRPC services.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ports": { + "description": "Required. List of destination ports to match.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "hosts", + "ports" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sources": { + "description": "Optional. List of attributes for the traffic source. If not set, the action specified in the \u2018action\u2019 field will be applied without any rule checks for the source.", + "items": { + "properties": { + "ipBlocks": { + "description": "Optional. List of CIDR ranges to match based on source IP address. Single IP (e.g., \"1.2.3.4\") and CIDR (e.g., \"1.2.3.0/24\") are supported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "principals": { + "description": "Optional. List of peer identities to match for authorization. Each peer can be an exact match, or a prefix match (example, \u201cnamespace/*\u201d) or a suffix match (example, */service-account\u201d) or a presence match \u201c*\u201d.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "action", + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networksecurity.cnrm.cloud.google.com/networksecurityclienttlspolicy_v1beta1.json b/networksecurity.cnrm.cloud.google.com/networksecurityclienttlspolicy_v1beta1.json new file mode 100644 index 00000000..bf1d6488 --- /dev/null +++ b/networksecurity.cnrm.cloud.google.com/networksecurityclienttlspolicy_v1beta1.json @@ -0,0 +1,217 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "clientCertificate": { + "description": "Optional. Defines a mechanism to provision client identity (public and private keys) for peer to peer authentication. The presence of this dictates mTLS.", + "properties": { + "certificateProviderInstance": { + "description": "The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.", + "properties": { + "pluginInstance": { + "description": "Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.", + "type": "string" + } + }, + "required": [ + "pluginInstance" + ], + "type": "object", + "additionalProperties": false + }, + "grpcEndpoint": { + "description": "gRPC specific configuration to access the gRPC server to obtain the cert and private key.", + "properties": { + "targetUri": { + "description": "Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \u201cunix:\u201d.", + "type": "string" + } + }, + "required": [ + "targetUri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Optional. Free-text description of the resource.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serverValidationCa": { + "description": "Required. Defines the mechanism to obtain the Certificate Authority certificate to validate the server certificate.", + "items": { + "properties": { + "certificateProviderInstance": { + "description": "The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.", + "properties": { + "pluginInstance": { + "description": "Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.", + "type": "string" + } + }, + "required": [ + "pluginInstance" + ], + "type": "object", + "additionalProperties": false + }, + "grpcEndpoint": { + "description": "gRPC specific configuration to access the gRPC server to obtain the CA certificate.", + "properties": { + "targetUri": { + "description": "Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \u201cunix:\u201d.", + "type": "string" + } + }, + "required": [ + "targetUri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "sni": { + "description": "Optional. Server Name Indication string to present to the server during TLS handshake. E.g: \"secure.example.com\".", + "type": "string" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networksecurity.cnrm.cloud.google.com/networksecurityservertlspolicy_v1beta1.json b/networksecurity.cnrm.cloud.google.com/networksecurityservertlspolicy_v1beta1.json new file mode 100644 index 00000000..b10eed42 --- /dev/null +++ b/networksecurity.cnrm.cloud.google.com/networksecurityservertlspolicy_v1beta1.json @@ -0,0 +1,227 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "allowOpen": { + "description": "Optional. Determines if server allows plaintext connections. If set to true, server allows plain text connections. By default, it is set to false. This setting is not exclusive of other encryption modes. For example, if allow_open and mtls_policy are set, server allows both plain text and mTLS connections. See documentation of other encryption modes to confirm compatibility.", + "type": "boolean" + }, + "description": { + "description": "Optional. Free-text description of the resource.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "mtlsPolicy": { + "description": "Optional. Defines a mechanism to provision peer validation certificates for peer to peer authentication (Mutual TLS - mTLS). If not specified, client certificate will not be requested. The connection is treated as TLS and not mTLS. If allow_open and mtls_policy are set, server allows both plain text and mTLS connections.", + "properties": { + "clientValidationCa": { + "description": "Required. Defines the mechanism to obtain the Certificate Authority certificate to validate the client certificate.", + "items": { + "properties": { + "certificateProviderInstance": { + "description": "The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.", + "properties": { + "pluginInstance": { + "description": "Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.", + "type": "string" + } + }, + "required": [ + "pluginInstance" + ], + "type": "object", + "additionalProperties": false + }, + "grpcEndpoint": { + "description": "gRPC specific configuration to access the gRPC server to obtain the CA certificate.", + "properties": { + "targetUri": { + "description": "Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \u201cunix:\u201d.", + "type": "string" + } + }, + "required": [ + "targetUri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "clientValidationCa" + ], + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serverCertificate": { + "description": "Optional. Defines a mechanism to provision server identity (public and private keys). Cannot be combined with allow_open as a permissive mode that allows both plain text and TLS is not supported.", + "properties": { + "certificateProviderInstance": { + "description": "The certificate provider instance specification that will be passed to the data plane, which will be used to load necessary credential information.", + "properties": { + "pluginInstance": { + "description": "Required. Plugin instance name, used to locate and load CertificateProvider instance configuration. Set to \"google_cloud_private_spiffe\" to use Certificate Authority Service certificate provider instance.", + "type": "string" + } + }, + "required": [ + "pluginInstance" + ], + "type": "object", + "additionalProperties": false + }, + "grpcEndpoint": { + "description": "gRPC specific configuration to access the gRPC server to obtain the cert and private key.", + "properties": { + "targetUri": { + "description": "Required. The target URI of the gRPC endpoint. Only UDS path is supported, and should start with \u201cunix:\u201d.", + "type": "string" + } + }, + "required": [ + "targetUri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkservicesendpointpolicy_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkservicesendpointpolicy_v1beta1.json new file mode 100644 index 00000000..911e9256 --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkservicesendpointpolicy_v1beta1.json @@ -0,0 +1,348 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "authorizationPolicyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. This field specifies the URL of AuthorizationPolicy resource that applies authorization policies to the inbound traffic at the matched endpoints. Refer to Authorization. If this field is not specified, authorization is disabled(no authz checks) for this endpoint.\n\nAllowed value: The Google Cloud resource name of a `NetworkSecurityAuthorizationPolicy` resource (format: `projects/{{project}}/locations/{{location}}/authorizationPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientTlsPolicyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A URL referring to a ClientTlsPolicy resource. ClientTlsPolicy can be set to specify the authentication for traffic from the proxy to the actual endpoints. More specifically, it is applied to the outgoing traffic from the proxy to the endpoint. This is typically used for sidecar model where the proxy identifies itself as endpoint to the control plane, with the connection between sidecar and endpoint requiring authentication. If this field is not set, authentication is disabled(open). Applicable only when EndpointPolicyType is SIDECAR_PROXY.\n\nAllowed value: The Google Cloud resource name of a `NetworkSecurityClientTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/clientTlsPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "endpointMatcher": { + "description": "Required. A matcher that selects endpoints to which the policies should be applied.", + "properties": { + "metadataLabelMatcher": { + "description": "The matcher is based on node metadata presented by xDS clients.", + "properties": { + "metadataLabelMatchCriteria": { + "description": "Specifies how matching should be done. Supported values are: MATCH_ANY: At least one of the Labels specified in the matcher should match the metadata presented by xDS client. MATCH_ALL: The metadata presented by the xDS client should contain all of the labels specified here. The selection is determined based on the best match. For example, suppose there are three EndpointPolicy resources P1, P2 and P3 and if P1 has a the matcher as MATCH_ANY , P2 has MATCH_ALL , and P3 has MATCH_ALL . If a client with label connects, the config from P1 will be selected. If a client with label connects, the config from P2 will be selected. If a client with label connects, the config from P3 will be selected. If there is more than one best match, (for example, if a config P4 with selector exists and if a client with label connects), an error will be thrown. Possible values: METADATA_LABEL_MATCH_CRITERIA_UNSPECIFIED, MATCH_ANY, MATCH_ALL", + "type": "string" + }, + "metadataLabels": { + "description": "The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list can have at most 64 entries. The list can be empty if the match criteria is MATCH_ANY, to specify a wildcard match (i.e this matches any client).", + "items": { + "properties": { + "labelName": { + "description": "Required. Label name presented as key in xDS Node Metadata.", + "type": "string" + }, + "labelValue": { + "description": "Required. Label value presented as value corresponding to the above key, in xDS Node Metadata.", + "type": "string" + } + }, + "required": [ + "labelName", + "labelValue" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serverTlsPolicyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A URL referring to ServerTlsPolicy resource. ServerTlsPolicy is used to determine the authentication policy to be applied to terminate the inbound traffic at the identified backends. If this field is not set, authentication is disabled(open) for this endpoint.\n\nAllowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "trafficPortSelector": { + "description": "Optional. Port selector for the (matched) endpoints. If no port selector is provided, the matched config is applied to all ports.", + "properties": { + "ports": { + "description": "Optional. A list of ports. Can be port numbers or port range (example, specifies all ports from 80 to 90, including 80 and 90) or named ports or * to specify all ports. If the list is empty, all ports are selected.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Required. The type of endpoint config. This is primarily used to validate the configuration. Possible values: ENDPOINT_CONFIG_SELECTOR_TYPE_UNSPECIFIED, SIDECAR_PROXY, GRPC_SERVER", + "type": "string" + } + }, + "required": [ + "endpointMatcher", + "location", + "projectRef", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkservicesgateway_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkservicesgateway_v1beta1.json new file mode 100644 index 00000000..85fa465e --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkservicesgateway_v1beta1.json @@ -0,0 +1,219 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "addresses": { + "description": "One or more addresses with ports in format of \":\" that the Gateway must receive traffic on. The proxy binds to the ports specified. IP address can be anything that is allowed by the underlying infrastructure (auto-allocation, static IP, BYOIP).", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "ports": { + "description": "Required. One or more ports that the Gateway must receive traffic on. The proxy binds to the ports specified. Gateway listen on 0.0.0.0 on the ports specified below.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "scope": { + "description": "Immutable. Required. Immutable. Scope determines how configuration across multiple Gateway instances are merged. The configuration for multiple Gateway instances with the same scope will be merged as presented as a single coniguration to the proxy/load balancer. Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.", + "type": "string" + }, + "serverTlsPolicyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Optional. A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated. If empty, TLS termination is disabled.\n\nAllowed value: The Google Cloud resource name of a `NetworkSecurityServerTLSPolicy` resource (format: `projects/{{project}}/locations/{{location}}/serverTlsPolicies/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "description": "Immutable. Immutable. The type of the customer managed gateway. Possible values: TYPE_UNSPECIFIED, OPEN_MESH, SECURE_WEB_GATEWAY", + "type": "string" + } + }, + "required": [ + "location", + "ports", + "projectRef", + "scope" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. Server-defined URL of this resource", + "type": "string" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkservicesgrpcroute_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkservicesgrpcroute_v1beta1.json new file mode 100644 index 00000000..3d651c30 --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkservicesgrpcroute_v1beta1.json @@ -0,0 +1,471 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "gateways": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "hostnames": { + "description": "Required. Service hostnames with an optional port for which this route describes traffic. Format: [:] Hostname is the fully qualified domain name of a network host. This matches the RFC 1123 definition of a hostname with 2 notable exceptions: - IPs are not allowed. - A hostname may be prefixed with a wildcard label (*.). The wildcard label must appear by itself as the first label. Hostname can be \u201cprecise\u201d which is a domain name without the terminating dot of a network host (e.g. \u201cfoo.example.com\u201d) or \u201cwildcard\u201d, which is a domain name prefixed with a single wildcard label (e.g. *.example.com). Note that as per RFC1035 and RFC1123, a label must consist of lower case alphanumeric characters or \u2018-\u2019, and must start and end with an alphanumeric character. No other punctuation is allowed. The routes associated with a Router must have unique hostnames. If you attempt to attach multiple routes with conflicting hostnames, the configuration will be rejected. For example, while it is acceptable for routes for the hostnames \"*.foo.bar.com\" and \"*.bar.com\" to be associated with the same route, it is not possible to associate two routes both with \"*.bar.com\" or both with \"bar.com\". In the case that multiple routes match the hostname, the most specific match will be selected. For example, \"foo.bar.baz.com\" will take precedence over \"*.bar.baz.com\" and \"*.bar.baz.com\" will take precedence over \"*.baz.com\". If a port is specified, then gRPC clients must use the channel URI with the port to match this rule (i.e. \"xds:///service:123\"), otherwise they must supply the URI without a port (i.e. \"xds:///service\").", + "items": { + "type": "string" + }, + "type": "array" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "meshes": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rules": { + "description": "Required. A list of detailed rules defining how to route traffic. Within a single GrpcRoute, the GrpcRoute.RouteAction associated with the first matching GrpcRoute.RouteRule will be executed. At least one rule must be supplied.", + "items": { + "properties": { + "action": { + "description": "Required. A detailed rule defining how to route traffic. This field is required.", + "properties": { + "destinations": { + "description": "Optional. The destination services to which traffic should be forwarded. If multiple destinations are specified, traffic will be split between Backend Service(s) according to the weight field of these destinations.", + "items": { + "properties": { + "serviceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The URL of a destination service to which to route traffic. Must refer to either a BackendService or ServiceDirectoryService.\n\nAllowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "serviceRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "faultInjectionPolicy": { + "description": "Optional. The specification for fault injection introduced into traffic to test the resiliency of clients to destination service failure. As part of fault injection, when clients send requests to a destination, delays can be introduced on a percentage of requests before sending those requests to the destination service. Similarly requests from clients can be aborted by for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy", + "properties": { + "abort": { + "description": "The specification for aborting to client requests.", + "properties": { + "httpStatus": { + "description": "The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive.", + "format": "int64", + "type": "integer" + }, + "percentage": { + "description": "The percentage of traffic which will be aborted. The value must be between [0, 100]", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "delay": { + "description": "The specification for injecting delay to client requests.", + "properties": { + "fixedDelay": { + "description": "Specify a fixed delay before forwarding the request.", + "type": "string" + }, + "percentage": { + "description": "The percentage of traffic on which delay will be injected. The value must be between [0, 100]", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "retryPolicy": { + "description": "Optional. Specifies the retry policy associated with this route.", + "properties": { + "numRetries": { + "description": "Specifies the allowed number of retries. This number must be > 0. If not specpfied, default to 1.", + "format": "int64", + "type": "integer" + }, + "retryConditions": { + "description": "- connect-failure: Router will retry on failures connecting to Backend Services, for example due to connection timeouts. - refused-stream: Router will retry if the backend service resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: Router will retry if the gRPC status code in the response header is set to cancelled - deadline-exceeded: Router will retry if the gRPC status code in the response header is set to deadline-exceeded - resource-exhausted: Router will retry if the gRPC status code in the response header is set to resource-exhausted - unavailable: Router will retry if the gRPC status code in the response header is set to unavailable", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Optional. Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "matches": { + "description": "Optional. Matches define conditions used for matching the rule against incoming gRPC requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied. If no matches field is specified, this rule will unconditionally match traffic.", + "items": { + "properties": { + "headers": { + "description": "Optional. Specifies a collection of headers to match.", + "items": { + "properties": { + "key": { + "description": "Required. The key of the header.", + "type": "string" + }, + "type": { + "description": "Optional. Specifies how to match against the value of the header. If not specified, a default value of EXACT is used. Possible values: MATCH_TYPE_UNSPECIFIED, MATCH_ANY, MATCH_ALL", + "type": "string" + }, + "value": { + "description": "Required. The value of the header.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "method": { + "description": "Optional. A gRPC method to match against. If this field is empty or omitted, will match all methods.", + "properties": { + "caseSensitive": { + "description": "Optional. Specifies that matches are case sensitive. The default value is true. case_sensitive must not be used with a type of REGULAR_EXPRESSION.", + "type": "boolean" + }, + "grpcMethod": { + "description": "Required. Name of the method to match against. If unspecified, will match all methods.", + "type": "string" + }, + "grpcService": { + "description": "Required. Name of the service to match against. If unspecified, will match all services.", + "type": "string" + }, + "type": { + "description": "Optional. Specifies how to match against the name. If not specified, a default value of \"EXACT\" is used. Possible values: TYPE_UNSPECIFIED, EXACT, REGULAR_EXPRESSION", + "type": "string" + } + }, + "required": [ + "grpcMethod", + "grpcService" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "action" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "hostnames", + "location", + "projectRef", + "rules" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. Server-defined URL of this resource", + "type": "string" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkserviceshttproute_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkserviceshttproute_v1beta1.json new file mode 100644 index 00000000..61693d1c --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkserviceshttproute_v1beta1.json @@ -0,0 +1,742 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "gateways": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "hostnames": { + "description": "Required. Hostnames define a set of hosts that should match against the HTTP host header to select a HttpRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 1123 with the exception that ip addresses are not allowed. Wildcard hosts are supported as \"*\" (no prefix or suffix allowed).", + "items": { + "type": "string" + }, + "type": "array" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "meshes": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rules": { + "description": "Required. Rules that define how traffic is routed and handled.", + "items": { + "properties": { + "action": { + "description": "The detailed rule defining how to route matched traffic.", + "properties": { + "corsPolicy": { + "description": "The specification for allowing client side cross-origin requests.", + "properties": { + "allowCredentials": { + "description": "In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This translates to the Access-Control-Allow-Credentials header. Default value is false.", + "type": "boolean" + }, + "allowHeaders": { + "description": "Specifies the content for Access-Control-Allow-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowMethods": { + "description": "Specifies the content for Access-Control-Allow-Methods header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOriginRegexes": { + "description": "Specifies the regular expression patterns that match allowed origins. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax.", + "items": { + "type": "string" + }, + "type": "array" + }, + "allowOrigins": { + "description": "Specifies the list of origins that will be allowed to do CORS requests. An origin is allowed if it matches either an item in allow_origins or an item in allow_origin_regexes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "disabled": { + "description": "If true, the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.", + "type": "boolean" + }, + "exposeHeaders": { + "description": "Specifies the content for Access-Control-Expose-Headers header.", + "items": { + "type": "string" + }, + "type": "array" + }, + "maxAge": { + "description": "Specifies how long result of a preflight request can be cached in seconds. This translates to the Access-Control-Max-Age header.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "destinations": { + "description": "The destination to which traffic should be forwarded.", + "items": { + "properties": { + "serviceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URL of a BackendService to route traffic to.\n\nAllowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "faultInjectionPolicy": { + "description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted for a percentage of requests. timeout and retry_policy will be ignored by clients that are configured with a fault_injection_policy", + "properties": { + "abort": { + "description": "The specification for aborting to client requests.", + "properties": { + "httpStatus": { + "description": "The HTTP status code used to abort the request. The value must be between 200 and 599 inclusive.", + "format": "int64", + "type": "integer" + }, + "percentage": { + "description": "The percentage of traffic which will be aborted. The value must be between [0, 100]", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "delay": { + "description": "The specification for injecting delay to client requests.", + "properties": { + "fixedDelay": { + "description": "Specify a fixed delay before forwarding the request.", + "type": "string" + }, + "percentage": { + "description": "The percentage of traffic on which delay will be injected. The value must be between [0, 100]", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "redirect": { + "description": "If set, the request is directed as configured by this field.", + "properties": { + "hostRedirect": { + "description": "The host that will be used in the redirect response instead of the one that was supplied in the request.", + "type": "string" + }, + "httpsRedirect": { + "description": "If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. The default is set to false.", + "type": "boolean" + }, + "pathRedirect": { + "description": "The path that will be used in the redirect response instead of the one that was supplied in the request. path_redirect can not be supplied together with prefix_redirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.", + "type": "string" + }, + "portRedirect": { + "description": "The port that will be used in the redirected request instead of the one that was supplied in the request.", + "format": "int64", + "type": "integer" + }, + "prefixRewrite": { + "description": "Indicates that during redirection, the matched prefix (or path) should be swapped with this value. This option allows URLs be dynamically created based on the request.", + "type": "string" + }, + "responseCode": { + "description": "The HTTP Status code to use for the redirect. Possible values: MOVED_PERMANENTLY_DEFAULT, FOUND, SEE_OTHER, TEMPORARY_REDIRECT, PERMANENT_REDIRECT", + "type": "string" + }, + "stripQuery": { + "description": "if set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "requestHeaderModifier": { + "description": "The specification for modifying the headers of a matching request prior to delivery of the request to the destination.", + "properties": { + "add": { + "additionalProperties": { + "type": "string" + }, + "description": "Add the headers with given map where key is the name of the header, value is the value of the header.", + "type": "object" + }, + "remove": { + "description": "Remove headers (matching by header names) specified in the list.", + "items": { + "type": "string" + }, + "type": "array" + }, + "set": { + "additionalProperties": { + "type": "string" + }, + "description": "Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "requestMirrorPolicy": { + "description": "Specifies the policy on how requests intended for the routes destination are shadowed to a separate mirrored destination. Proxy will not wait for the shadow destination to respond before returning the response. Prior to sending traffic to the shadow service, the host/authority header is suffixed with -shadow.", + "properties": { + "destination": { + "description": "The destination the requests will be mirrored to. The weight of the destination will be ignored.", + "properties": { + "serviceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The URL of a BackendService to route traffic to.\n\nAllowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "responseHeaderModifier": { + "description": "The specification for modifying the headers of a response prior to sending the response back to the client.", + "properties": { + "add": { + "additionalProperties": { + "type": "string" + }, + "description": "Add the headers with given map where key is the name of the header, value is the value of the header.", + "type": "object" + }, + "remove": { + "description": "Remove headers (matching by header names) specified in the list.", + "items": { + "type": "string" + }, + "type": "array" + }, + "set": { + "additionalProperties": { + "type": "string" + }, + "description": "Completely overwrite/replace the headers with given map where key is the name of the header, value is the value of the header.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "retryPolicy": { + "description": "Specifies the retry policy associated with this route.", + "properties": { + "numRetries": { + "description": "Specifies the allowed number of retries. This number must be > 0. If not specified, default to 1.", + "format": "int64", + "type": "integer" + }, + "perTryTimeout": { + "description": "Specifies a non-zero timeout per retry attempt.", + "type": "string" + }, + "retryConditions": { + "description": "Specifies one or more conditions when this retry policy applies. Valid values are: 5xx: Proxy will attempt a retry if the destination service responds with any 5xx response code, of if the destination service does not respond at all, example: disconnect, reset, read timeout, connection failure and refused streams. gateway-error: Similar to 5xx, but only applies to response codes 502, 503, 504. reset: Proxy will attempt a retry if the destination service does not respond at all (disconnect/reset/read timeout) connect-failure: Proxy will retry on failures connecting to destination for example due to connection timeouts. retriable-4xx: Proxy will retry fro retriable 4xx response codes. Currently the only retriable error supported is 409. refused-stream: Proxy will retry if the destination resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Specifies the timeout for selected route. Timeout is computed from the time the request has been fully processed (i.e. end of stream) up until the response has been completely processed. Timeout includes all retries.", + "type": "string" + }, + "urlRewrite": { + "description": "The specification for rewrite URL before forwarding requests to the destination.", + "properties": { + "hostRewrite": { + "description": "Prior to forwarding the request to the selected destination, the requests host header is replaced by this value.", + "type": "string" + }, + "pathPrefixRewrite": { + "description": "Prior to forwarding the request to the selected destination, the matching portion of the requests path is replaced by this value.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "matches": { + "description": "A list of matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if ANY one of the matches is satisfied.", + "items": { + "properties": { + "fullPathMatch": { + "description": "The HTTP request path value should exactly match this value. Only one of full_path_match, prefix_match, or regex_match should be used.", + "type": "string" + }, + "headers": { + "description": "Specifies a list of HTTP request headers to match against. ALL of the supplied headers must be matched.", + "items": { + "properties": { + "exactMatch": { + "description": "The value of the header should match exactly the content of exact_match.", + "type": "string" + }, + "header": { + "description": "The name of the HTTP header to match against.", + "type": "string" + }, + "invertMatch": { + "description": "If specified, the match result will be inverted before checking. Default value is set to false.", + "type": "boolean" + }, + "prefixMatch": { + "description": "The value of the header must start with the contents of prefix_match.", + "type": "string" + }, + "presentMatch": { + "description": "A header with header_name must exist. The match takes place whether or not the header has a value.", + "type": "boolean" + }, + "rangeMatch": { + "description": "If specified, the rule will match if the request header value is within the range.", + "properties": { + "end": { + "description": "End of the range (exclusive)", + "format": "int64", + "type": "integer" + }, + "start": { + "description": "Start of the range (inclusive)", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "regexMatch": { + "description": "The value of the header must match the regular expression specified in regex_match. For regular expression grammar, please see: https://github.com/google/re2/wiki/Syntax", + "type": "string" + }, + "suffixMatch": { + "description": "The value of the header must end with the contents of suffix_match.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ignoreCase": { + "description": "Specifies if prefix_match and full_path_match matches are case sensitive. The default value is false.", + "type": "boolean" + }, + "prefixMatch": { + "description": "The HTTP request path value must begin with specified prefix_match. prefix_match must begin with a /. Only one of full_path_match, prefix_match, or regex_match should be used.", + "type": "string" + }, + "queryParameters": { + "description": "Specifies a list of query parameters to match against. ALL of the query parameters must be matched.", + "items": { + "properties": { + "exactMatch": { + "description": "The value of the query parameter must exactly match the contents of exact_match. Only one of exact_match, regex_match, or present_match must be set.", + "type": "string" + }, + "presentMatch": { + "description": "Specifies that the QueryParameterMatcher matches if request contains query parameter, irrespective of whether the parameter has a value or not. Only one of exact_match, regex_match, or present_match must be set.", + "type": "boolean" + }, + "queryParameter": { + "description": "The name of the query parameter to match.", + "type": "string" + }, + "regexMatch": { + "description": "The value of the query parameter must match the regular expression specified by regex_match. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of exact_match, regex_match, or present_match must be set.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "regexMatch": { + "description": "The HTTP request path value must satisfy the regular expression specified by regex_match after removing any query parameters and anchor supplied with the original URL. For regular expression grammar, please see https://github.com/google/re2/wiki/Syntax Only one of full_path_match, prefix_match, or regex_match should be used.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "hostnames", + "location", + "projectRef", + "rules" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. Server-defined URL of this resource", + "type": "string" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkservicesmesh_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkservicesmesh_v1beta1.json new file mode 100644 index 00000000..92bd198a --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkservicesmesh_v1beta1.json @@ -0,0 +1,150 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "interceptionPort": { + "description": "Optional. If set to a valid TCP port (1-65535), instructs the SIDECAR proxy to listen on the specified port of localhost (127.0.0.1) address. The SIDECAR proxy will expect all traffic to be redirected to this port regardless of its actual ip:port destination. If unset, a port '15001' is used as the interception port. This field is only valid if the type of Mesh is SIDECAR.", + "format": "int64", + "type": "integer" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. Server-defined URL of this resource", + "type": "string" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkservicestcproute_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkservicestcproute_v1beta1.json new file mode 100644 index 00000000..e6d9bf06 --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkservicestcproute_v1beta1.json @@ -0,0 +1,363 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "gateways": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "meshes": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rules": { + "description": "Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.", + "items": { + "properties": { + "action": { + "description": "Required. The detailed rule defining how to route matched traffic.", + "properties": { + "destinations": { + "description": "Optional. The destination services to which traffic should be forwarded. At least one destination service is required.", + "items": { + "properties": { + "serviceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The URL of a BackendService to route traffic to.\n\nAllowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Optional. Specifies the proportion of requests forwarded to the backend referenced by the serviceName field. This is computed as: weight/Sum(weights in this destination list). For non-zero values, there may be some epsilon from the exact proportion defined here depending on the precision an implementation supports. If only one serviceName is specified and it has a weight greater than 0, 100% of the traffic is forwarded to that backend. If weights are specified for any one service name, they need to be specified for all of them. If weights are unspecified for all services, then, traffic is distributed in equal proportions to all of them.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "serviceRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "originalDestination": { + "description": "Optional. If true, Router will use the destination IP and port of the original connection as the destination of the request. Default is false.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "matches": { + "description": "Optional. RouteMatch defines the predicate used to match requests to a given action. Multiple match types are \u201cOR\u201ded for evaluation. If no routeMatch field is specified, this rule will unconditionally match traffic.", + "items": { + "properties": { + "address": { + "description": "Required. Must be specified in the CIDR range format. A CIDR range consists of an IP Address and a prefix length to construct the subnet mask. By default, the prefix length is 32 (i.e. matches a single IP address). Only IPV4 addresses are supported. Examples: \u201c10.0.0.1\u201d - matches against this exact IP address. \u201c10.0.0.0/8\" - matches against any IP address within the 10.0.0.0 subnet and 255.255.255.0 mask. \"0.0.0.0/0\" - matches against any IP address'.", + "type": "string" + }, + "port": { + "description": "Required. Specifies the destination port to match against.", + "type": "string" + } + }, + "required": [ + "address", + "port" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "action" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "location", + "projectRef", + "rules" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. Server-defined URL of this resource", + "type": "string" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/networkservices.cnrm.cloud.google.com/networkservicestlsroute_v1beta1.json b/networkservices.cnrm.cloud.google.com/networkservicestlsroute_v1beta1.json new file mode 100644 index 00000000..ce3983bd --- /dev/null +++ b/networkservices.cnrm.cloud.google.com/networkservicestlsroute_v1beta1.json @@ -0,0 +1,365 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A free-text description of the resource. Max length 1024 characters.", + "type": "string" + }, + "gateways": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesGateway` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "meshes": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `NetworkServicesMesh` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rules": { + "description": "Required. Rules that define how traffic is routed and handled. At least one RouteRule must be supplied. If there are multiple rules then the action taken will be the first rule to match.", + "items": { + "properties": { + "action": { + "description": "Required. The detailed rule defining how to route matched traffic.", + "properties": { + "destinations": { + "description": "Required. The destination services to which traffic should be forwarded. At least one destination service is required.", + "items": { + "properties": { + "serviceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Required. The URL of a BackendService to route traffic to.\n\nAllowed value: The Google Cloud resource name of a `ComputeBackendService` resource (format: `projects/{{project}}/global/backendServices/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "weight": { + "description": "Optional. Specifies the proportion of requests forwareded to the backend referenced by the service_name field. This is computed as: weight/Sum(weights in destinations) Weights in all destinations does not need to sum up to 100.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "serviceRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "destinations" + ], + "type": "object", + "additionalProperties": false + }, + "matches": { + "description": "Required. RouteMatch defines the predicate used to match requests to a given action. Multiple match types are \"OR\"ed for evaluation.", + "items": { + "properties": { + "alpn": { + "description": "Optional. ALPN (Application-Layer Protocol Negotiation) to match against. Examples: \"http/1.1\", \"h2\". At least one of sni_host and alpn is required. Up to 5 alpns across all matches can be set.", + "items": { + "type": "string" + }, + "type": "array" + }, + "sniHost": { + "description": "Optional. SNI (server name indicator) to match against. SNI will be matched against all wildcard domains, i.e. www.example.com will be first matched against www.example.com, then *.example.com, then *.com. Partial wildcards are not supported, and values like *w.example.com are invalid. At least one of sni_host and alpn is required. Up to 5 sni hosts across all matches can be set.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "action", + "matches" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "location", + "projectRef", + "rules" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The timestamp when the resource was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "Output only. Server-defined URL of this resource", + "type": "string" + }, + "updateTime": { + "description": "Output only. The timestamp when the resource was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/osconfig.cnrm.cloud.google.com/osconfigguestpolicy_v1beta1.json b/osconfig.cnrm.cloud.google.com/osconfigguestpolicy_v1beta1.json new file mode 100644 index 00000000..392c6964 --- /dev/null +++ b/osconfig.cnrm.cloud.google.com/osconfigguestpolicy_v1beta1.json @@ -0,0 +1,767 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "assignment": { + "description": "Specifies the VMs that are assigned this policy. This allows you to target sets or groups of VMs by different parameters such as labels, names, OS, or zones. Empty assignments will target ALL VMs underneath this policy. Conflict Management Policies that exist higher up in the resource hierarchy (closer to the Org) will override those lower down if there is a conflict. At the same level in the resource hierarchy (ie. within a project), the service will prevent the creation of multiple policies that conflict with each other. If there are multiple policies that specify the same config (eg. package, software recipe, repository, etc.), the service will ensure that no VM could potentially receive instructions from both policies. To create multiple policies that specify different versions of a package or different configs for different Operating Systems, each policy must be mutually exclusive in their targeting according to labels, OS, or other criteria. Different configs are identified for conflicts in different ways. Packages are identified by their name and the package manager(s) they target. Package repositories are identified by their unique id where applicable. Some package managers don't have a unique identifier for repositories and where that's the case, no uniqueness is validated by the service. Note that if OS Inventory is disabled, a VM will not be assigned a policy that targets by OS because the service will see this VM's OS as unknown.", + "properties": { + "groupLabels": { + "description": "Targets instances matching at least one of these label sets. This allows an assignment to target disparate groups, for example \"env=prod or env=staging\".", + "items": { + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Google Compute Engine instance labels that must be present for an instance to be included in this assignment group.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "instanceNamePrefixes": { + "description": "Targets VM instances whose name starts with one of these prefixes. Like labels, this is another way to group VM instances when targeting configs, for example prefix=\"prod-\". Only supported for project-level policies.", + "items": { + "type": "string" + }, + "type": "array" + }, + "instances": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "osTypes": { + "description": "Targets VM instances matching at least one of the following OS types. VM instances must match all supplied criteria for a given OsType to be included.", + "items": { + "properties": { + "osArchitecture": { + "description": "Targets VM instances with OS Inventory enabled and having the following OS architecture.", + "type": "string" + }, + "osShortName": { + "description": "Targets VM instances with OS Inventory enabled and having the following OS short name, for example \"debian\" or \"windows\".", + "type": "string" + }, + "osVersion": { + "description": "Targets VM instances with OS Inventory enabled and having the following following OS version.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "zones": { + "description": "Targets instances in any of these zones. Leave empty to target instances in any zone. Zonal targeting is uncommon and is supported to facilitate the management of changes by zone.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "description": { + "description": "Description of the GuestPolicy. Length of the description is limited to 1024 characters.", + "type": "string" + }, + "packageRepositories": { + "description": "List of package repository configurations assigned to the VM instance.", + "items": { + "properties": { + "apt": { + "description": "An Apt Repository.", + "properties": { + "archiveType": { + "description": "Type of archive files in this repository. The default behavior is DEB. Possible values: ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC", + "type": "string" + }, + "components": { + "description": "Required. List of components for this repository. Must contain at least one item.", + "items": { + "type": "string" + }, + "type": "array" + }, + "distribution": { + "description": "Required. Distribution of this repository.", + "type": "string" + }, + "gpgKey": { + "description": "URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg` containing all the keys in any applied guest policy.", + "type": "string" + }, + "uri": { + "description": "Required. URI for this repository.", + "type": "string" + } + }, + "required": [ + "distribution", + "uri" + ], + "type": "object", + "additionalProperties": false + }, + "goo": { + "description": "A Goo Repository.", + "properties": { + "name": { + "description": "Required. The name of the repository.", + "type": "string" + }, + "url": { + "description": "Required. The url of the repository.", + "type": "string" + } + }, + "required": [ + "name", + "url" + ], + "type": "object", + "additionalProperties": false + }, + "yum": { + "description": "A Yum Repository.", + "properties": { + "baseUrl": { + "description": "Required. The location of the repository directory.", + "type": "string" + }, + "displayName": { + "description": "The display name of the repository.", + "type": "string" + }, + "gpgKeys": { + "description": "URIs of GPG keys.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "Required. A one word, unique name for this repository. This is the `repo id` in the Yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts.", + "type": "string" + } + }, + "required": [ + "baseUrl", + "id" + ], + "type": "object", + "additionalProperties": false + }, + "zypper": { + "description": "A Zypper Repository.", + "properties": { + "baseUrl": { + "description": "Required. The location of the repository directory.", + "type": "string" + }, + "displayName": { + "description": "The display name of the repository.", + "type": "string" + }, + "gpgKeys": { + "description": "URIs of GPG keys.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for guest policy conflicts.", + "type": "string" + } + }, + "required": [ + "baseUrl", + "id" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "packages": { + "description": "List of package configurations assigned to the VM instance.", + "items": { + "properties": { + "desiredState": { + "description": "The desired_state the agent should maintain for this package. The default is to ensure the package is installed. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED", + "type": "string" + }, + "manager": { + "description": "Type of package manager that can be used to install this package. If a system does not have the package manager, the package is not installed or removed no error message is returned. By default, or if you specify `ANY`, the agent attempts to install and remove this package using the default package manager. This is useful when creating a policy that applies to different types of systems. The default behavior is ANY. Possible values: MANAGER_UNSPECIFIED, ANY, APT, YUM, ZYPPER, GOO", + "type": "string" + }, + "name": { + "description": "Required. The name of the package. A package is uniquely identified for conflict validation by checking the package name and the manager(s) that the package targets.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "recipes": { + "description": "Optional. A list of Recipes to install on the VM.", + "items": { + "properties": { + "artifacts": { + "description": "Resources available to be used in the steps in the recipe.", + "items": { + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, recipes are subject to validations based on the artifact type: Remote: A checksum must be specified, and only protocols with transport-layer security are permitted. GCS: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Google Cloud Storage artifact.", + "properties": { + "bucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Bucket of the Google Cloud Storage object. Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `my-bucket`.\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "generation": { + "description": "Must be provided if allow_insecure is false. Generation number of the Google Cloud Storage object. `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `1234567`.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Name of the Google Cloud Storage object. As specified [here] (https://cloud.google.com/storage/docs/naming#objectnames) Given an example URL: `https://storage.googleapis.com/my-bucket/foo/bar#1234567` this value would be `foo/bar`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "id": { + "description": "Required. Id of the artifact, which the installation and update steps of this recipe can reference. Artifacts in a recipe cannot have the same id.", + "type": "string" + }, + "remote": { + "description": "A generic remote artifact.", + "properties": { + "checksum": { + "description": "Must be provided if `allow_insecure` is `false`. SHA256 checksum in hex format, to compare to the checksum of the artifact. If the checksum is not empty and it doesn't match the artifact then the recipe installation fails before running any of the steps.", + "type": "string" + }, + "uri": { + "description": "URI from which to fetch the object. It should contain both the protocol and path following the format: {protocol}://{location}.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "desiredState": { + "description": "Default is INSTALLED. The desired state the agent should maintain for this recipe. INSTALLED: The software recipe is installed on the instance but won't be updated to new versions. UPDATED: The software recipe is installed on the instance. The recipe is updated to a higher version, if a higher version of the recipe is assigned to this instance. REMOVE: Remove is unsupported for software recipes and attempts to create or update a recipe to the REMOVE state is rejected. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED", + "type": "string" + }, + "installSteps": { + "description": "Actions to be taken for installing this recipe. On failure it stops executing steps and does not attempt another installation. Any steps taken (including partially completed steps) are not rolled back.", + "items": { + "properties": { + "archiveExtraction": { + "description": "Extracts an archive into the specified directory.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + }, + "destination": { + "description": "Directory to extract archive to. Defaults to `/` on Linux or `C:` on Windows.", + "type": "string" + }, + "type": { + "description": "Required. The type of the archive to extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, DESIRED_STATE_CHECK_POST_ENFORCEMENT", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dpkgInstallation": { + "description": "Installs a deb file via dpkg.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "fileCopy": { + "description": "Copies a file onto the instance.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + }, + "destination": { + "description": "Required. The absolute path on the instance to put the file.", + "type": "string" + }, + "overwrite": { + "description": "Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false.", + "type": "boolean" + }, + "permissions": { + "description": "Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "fileExec": { + "description": "Executes an artifact or local file.", + "properties": { + "allowedExitCodes": { + "description": "Defaults to [0]. A list of possible return values that the program can return to indicate a success.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "args": { + "description": "Arguments to be passed to the provided executable.", + "items": { + "type": "string" + }, + "type": "array" + }, + "artifactId": { + "description": "The id of the relevant artifact in the recipe.", + "type": "string" + }, + "localPath": { + "description": "The absolute path of the file on the local filesystem.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "msiInstallation": { + "description": "Installs an MSI file.", + "properties": { + "allowedExitCodes": { + "description": "Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + }, + "flags": { + "description": "The flags to use when installing the MSI defaults to [\"/i\"] (i.e. the install flag).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "rpmInstallation": { + "description": "Installs an rpm file via the rpm utility.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "scriptRun": { + "description": "Runs commands in a shell.", + "properties": { + "allowedExitCodes": { + "description": "Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "interpreter": { + "description": "The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL", + "type": "string" + }, + "script": { + "description": "Required. The shell script to be executed.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "Required. Unique identifier for the recipe. Only one recipe with a given name is installed on an instance. Names are also used to identify resources which helps to determine whether guest policies have conflicts. This means that requests to create multiple recipes with the same name and version are rejected since they could potentially have conflicting assignments.", + "type": "string" + }, + "updateSteps": { + "description": "Actions to be taken for updating this recipe. On failure it stops executing steps and does not attempt another update for this recipe. Any steps taken (including partially completed steps) are not rolled back.", + "items": { + "properties": { + "archiveExtraction": { + "description": "Extracts an archive into the specified directory.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + }, + "destination": { + "description": "Directory to extract archive to. Defaults to `/` on Linux or `C:` on Windows.", + "type": "string" + }, + "type": { + "description": "Required. The type of the archive to extract. Possible values: TYPE_UNSPECIFIED, VALIDATION, DESIRED_STATE_CHECK, DESIRED_STATE_ENFORCEMENT, DESIRED_STATE_CHECK_POST_ENFORCEMENT", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "dpkgInstallation": { + "description": "Installs a deb file via dpkg.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "fileCopy": { + "description": "Copies a file onto the instance.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + }, + "destination": { + "description": "Required. The absolute path on the instance to put the file.", + "type": "string" + }, + "overwrite": { + "description": "Whether to allow this step to overwrite existing files. If this is false and the file already exists the file is not overwritten and the step is considered a success. Defaults to false.", + "type": "boolean" + }, + "permissions": { + "description": "Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "fileExec": { + "description": "Executes an artifact or local file.", + "properties": { + "allowedExitCodes": { + "description": "Defaults to [0]. A list of possible return values that the program can return to indicate a success.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "args": { + "description": "Arguments to be passed to the provided executable.", + "items": { + "type": "string" + }, + "type": "array" + }, + "artifactId": { + "description": "The id of the relevant artifact in the recipe.", + "type": "string" + }, + "localPath": { + "description": "The absolute path of the file on the local filesystem.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "msiInstallation": { + "description": "Installs an MSI file.", + "properties": { + "allowedExitCodes": { + "description": "Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + }, + "flags": { + "description": "The flags to use when installing the MSI defaults to [\"/i\"] (i.e. the install flag).", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "rpmInstallation": { + "description": "Installs an rpm file via the rpm utility.", + "properties": { + "artifactId": { + "description": "Required. The id of the relevant artifact in the recipe.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "scriptRun": { + "description": "Runs commands in a shell.", + "properties": { + "allowedExitCodes": { + "description": "Return codes that indicate that the software installed or updated successfully. Behaviour defaults to [0]", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "interpreter": { + "description": "The script interpreter to use to run the script. If no interpreter is specified the script is executed directly, which likely only succeed for scripts with [shebang lines](https://en.wikipedia.org/wiki/Shebang_(Unix)). Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL", + "type": "string" + }, + "script": { + "description": "Required. The shell script to be executed.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "version": { + "description": "The version of this software recipe. Version can be up to 4 period separated numbers (e.g. 12.34.56.78).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. Time this GuestPolicy was created.", + "format": "date-time", + "type": "string" + }, + "etag": { + "description": "The etag for this GuestPolicy. If this is provided on update, it must match the server's etag.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. Last time this GuestPolicy was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/osconfig.cnrm.cloud.google.com/osconfigospolicyassignment_v1beta1.json b/osconfig.cnrm.cloud.google.com/osconfigospolicyassignment_v1beta1.json new file mode 100644 index 00000000..16f8b62e --- /dev/null +++ b/osconfig.cnrm.cloud.google.com/osconfigospolicyassignment_v1beta1.json @@ -0,0 +1,1026 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "OS policy assignment description. Length of the description is limited to 1024 characters.", + "type": "string" + }, + "instanceFilter": { + "description": "Required. Filter to select VMs.", + "properties": { + "all": { + "description": "Target all VMs in the project. If true, no other criteria is permitted.", + "type": "boolean" + }, + "exclusionLabels": { + "description": "List of label sets used for VM exclusion. If the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.", + "items": { + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "inclusionLabels": { + "description": "List of label sets used for VM inclusion. If the list has more than one `LabelSet`, the VM is included if any of the label sets are applicable for the VM.", + "items": { + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "inventories": { + "description": "List of inventories to select VMs. A VM is selected if its inventory data matches at least one of the following inventories.", + "items": { + "properties": { + "osShortName": { + "description": "Required. The OS short name", + "type": "string" + }, + "osVersion": { + "description": "The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of `7`, specify the following value for this field `7.*` An empty string matches all OS versions.", + "type": "string" + } + }, + "required": [ + "osShortName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "osPolicies": { + "description": "Required. List of OS policies to be applied to the VMs.", + "items": { + "properties": { + "allowNoResourceGroupMatch": { + "description": "This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to `true` if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.", + "type": "boolean" + }, + "description": { + "description": "Policy description. Length of the description is limited to 1024 characters.", + "type": "string" + }, + "id": { + "description": "Required. The id of the OS policy with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the assignment.", + "type": "string" + }, + "mode": { + "description": "Required. Policy mode Possible values: MODE_UNSPECIFIED, VALIDATION, ENFORCEMENT", + "type": "string" + }, + "resourceGroups": { + "description": "Required. List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored. If none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag `allow_no_resource_group_match`", + "items": { + "properties": { + "inventoryFilters": { + "description": "List of inventory filters for the resource group. The resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters. For example, to apply this resource group to VMs running either `RHEL` or `CentOS` operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos' If the list is empty, this resource group will be applied to the target VM unconditionally.", + "items": { + "properties": { + "osShortName": { + "description": "Required. The OS short name", + "type": "string" + }, + "osVersion": { + "description": "The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of `7`, specify the following value for this field `7.*` An empty string matches all OS versions.", + "type": "string" + } + }, + "required": [ + "osShortName" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "description": "Required. List of resources configured for this resource group. The resources are executed in the exact order specified here.", + "items": { + "properties": { + "exec": { + "description": "Exec resource", + "properties": { + "enforce": { + "description": "What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.", + "properties": { + "args": { + "description": "Optional arguments to pass to the source during execution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "file": { + "description": "A remote or local file.", + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Cloud Storage object.", + "properties": { + "bucket": { + "description": "Required. Bucket of the Cloud Storage object.", + "type": "string" + }, + "generation": { + "description": "Generation number of the Cloud Storage object.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Required. Name of the Cloud Storage object.", + "type": "string" + } + }, + "required": [ + "bucket", + "object" + ], + "type": "object", + "additionalProperties": false + }, + "localPath": { + "description": "A local path within the VM to use.", + "type": "string" + }, + "remote": { + "description": "A generic remote file.", + "properties": { + "sha256Checksum": { + "description": "SHA256 checksum of the remote file.", + "type": "string" + }, + "uri": { + "description": "Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "interpreter": { + "description": "Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL", + "type": "string" + }, + "outputFilePath": { + "description": "Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.", + "type": "string" + }, + "script": { + "description": "An inline script. The size of the script is limited to 1024 characters.", + "type": "string" + } + }, + "required": [ + "interpreter" + ], + "type": "object", + "additionalProperties": false + }, + "validate": { + "description": "Required. What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.", + "properties": { + "args": { + "description": "Optional arguments to pass to the source during execution.", + "items": { + "type": "string" + }, + "type": "array" + }, + "file": { + "description": "A remote or local file.", + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Cloud Storage object.", + "properties": { + "bucket": { + "description": "Required. Bucket of the Cloud Storage object.", + "type": "string" + }, + "generation": { + "description": "Generation number of the Cloud Storage object.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Required. Name of the Cloud Storage object.", + "type": "string" + } + }, + "required": [ + "bucket", + "object" + ], + "type": "object", + "additionalProperties": false + }, + "localPath": { + "description": "A local path within the VM to use.", + "type": "string" + }, + "remote": { + "description": "A generic remote file.", + "properties": { + "sha256Checksum": { + "description": "SHA256 checksum of the remote file.", + "type": "string" + }, + "uri": { + "description": "Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "interpreter": { + "description": "Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL", + "type": "string" + }, + "outputFilePath": { + "description": "Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.", + "type": "string" + }, + "script": { + "description": "An inline script. The size of the script is limited to 1024 characters.", + "type": "string" + } + }, + "required": [ + "interpreter" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "validate" + ], + "type": "object", + "additionalProperties": false + }, + "file": { + "description": "File resource", + "properties": { + "content": { + "description": "A a file with this content. The size of the content is limited to 1024 characters.", + "type": "string" + }, + "file": { + "description": "A remote or local source.", + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Cloud Storage object.", + "properties": { + "bucket": { + "description": "Required. Bucket of the Cloud Storage object.", + "type": "string" + }, + "generation": { + "description": "Generation number of the Cloud Storage object.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Required. Name of the Cloud Storage object.", + "type": "string" + } + }, + "required": [ + "bucket", + "object" + ], + "type": "object", + "additionalProperties": false + }, + "localPath": { + "description": "A local path within the VM to use.", + "type": "string" + }, + "remote": { + "description": "A generic remote file.", + "properties": { + "sha256Checksum": { + "description": "SHA256 checksum of the remote file.", + "type": "string" + }, + "uri": { + "description": "Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "path": { + "description": "Required. The absolute path of the file within the VM.", + "type": "string" + }, + "permissions": { + "description": "Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755. Below are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4", + "type": "string" + }, + "state": { + "description": "Required. Desired state of the file. Possible values: OS_POLICY_COMPLIANCE_STATE_UNSPECIFIED, COMPLIANT, NON_COMPLIANT, UNKNOWN, NO_OS_POLICIES_APPLICABLE", + "type": "string" + } + }, + "required": [ + "path", + "state" + ], + "type": "object", + "additionalProperties": false + }, + "id": { + "description": "Required. The id of the resource with the following restrictions: * Must contain only lowercase letters, numbers, and hyphens. * Must start with a letter. * Must be between 1-63 characters. * Must end with a number or a letter. * Must be unique within the OS policy.", + "type": "string" + }, + "pkg": { + "description": "Package resource", + "properties": { + "apt": { + "description": "A package managed by Apt.", + "properties": { + "name": { + "description": "Required. Package name.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "deb": { + "description": "A deb package file.", + "properties": { + "pullDeps": { + "description": "Whether dependencies should also be installed. - install when false: `dpkg -i package` - install when true: `apt-get update && apt-get -y install package.deb`", + "type": "boolean" + }, + "source": { + "description": "Required. A deb package.", + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Cloud Storage object.", + "properties": { + "bucket": { + "description": "Required. Bucket of the Cloud Storage object.", + "type": "string" + }, + "generation": { + "description": "Generation number of the Cloud Storage object.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Required. Name of the Cloud Storage object.", + "type": "string" + } + }, + "required": [ + "bucket", + "object" + ], + "type": "object", + "additionalProperties": false + }, + "localPath": { + "description": "A local path within the VM to use.", + "type": "string" + }, + "remote": { + "description": "A generic remote file.", + "properties": { + "sha256Checksum": { + "description": "SHA256 checksum of the remote file.", + "type": "string" + }, + "uri": { + "description": "Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "source" + ], + "type": "object", + "additionalProperties": false + }, + "desiredState": { + "description": "Required. The desired state the agent should maintain for this package. Possible values: DESIRED_STATE_UNSPECIFIED, INSTALLED, REMOVED", + "type": "string" + }, + "googet": { + "description": "A package managed by GooGet.", + "properties": { + "name": { + "description": "Required. Package name.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "msi": { + "description": "An MSI package.", + "properties": { + "properties": { + "description": "Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of `ACTION=INSTALL REBOOT=ReallySuppress`.", + "items": { + "type": "string" + }, + "type": "array" + }, + "source": { + "description": "Required. The MSI package.", + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Cloud Storage object.", + "properties": { + "bucket": { + "description": "Required. Bucket of the Cloud Storage object.", + "type": "string" + }, + "generation": { + "description": "Generation number of the Cloud Storage object.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Required. Name of the Cloud Storage object.", + "type": "string" + } + }, + "required": [ + "bucket", + "object" + ], + "type": "object", + "additionalProperties": false + }, + "localPath": { + "description": "A local path within the VM to use.", + "type": "string" + }, + "remote": { + "description": "A generic remote file.", + "properties": { + "sha256Checksum": { + "description": "SHA256 checksum of the remote file.", + "type": "string" + }, + "uri": { + "description": "Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "additionalProperties": false + }, + "required": [ + "source" + ], + "type": "object", + "additionalProperties": false + }, + "rpm": { + "description": "An rpm package file.", + "properties": { + "pullDeps": { + "description": "Whether dependencies should also be installed. - install when false: `rpm --upgrade --replacepkgs package.rpm` - install when true: `yum -y install package.rpm` or `zypper -y install package.rpm`", + "type": "boolean" + }, + "source": { + "description": "Required. An rpm package.", + "properties": { + "allowInsecure": { + "description": "Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.", + "type": "boolean" + }, + "gcs": { + "description": "A Cloud Storage object.", + "properties": { + "bucket": { + "description": "Required. Bucket of the Cloud Storage object.", + "type": "string" + }, + "generation": { + "description": "Generation number of the Cloud Storage object.", + "format": "int64", + "type": "integer" + }, + "object": { + "description": "Required. Name of the Cloud Storage object.", + "type": "string" + } + }, + "required": [ + "bucket", + "object" + ], + "type": "object", + "additionalProperties": false + }, + "localPath": { + "description": "A local path within the VM to use.", + "type": "string" + }, + "remote": { + "description": "A generic remote file.", + "properties": { + "sha256Checksum": { + "description": "SHA256 checksum of the remote file.", + "type": "string" + }, + "uri": { + "description": "Required. URI from which to fetch the object. It should contain both the protocol and path following the format `{protocol}://{location}`.", + "type": "string" + } + }, + "required": [ + "uri" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "source" + ], + "type": "object", + "additionalProperties": false + }, + "yum": { + "description": "A package managed by YUM.", + "properties": { + "name": { + "description": "Required. Package name.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "zypper": { + "description": "A package managed by Zypper.", + "properties": { + "name": { + "description": "Required. Package name.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "desiredState" + ], + "type": "object", + "additionalProperties": false + }, + "repository": { + "description": "Package repository resource", + "properties": { + "apt": { + "description": "An Apt Repository.", + "properties": { + "archiveType": { + "description": "Required. Type of archive files in this repository. Possible values: ARCHIVE_TYPE_UNSPECIFIED, DEB, DEB_SRC", + "type": "string" + }, + "components": { + "description": "Required. List of components for this repository. Must contain at least one item.", + "items": { + "type": "string" + }, + "type": "array" + }, + "distribution": { + "description": "Required. Distribution of this repository.", + "type": "string" + }, + "gpgKey": { + "description": "URI of the key file for this repository. The agent maintains a keyring at `/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg`.", + "type": "string" + }, + "uri": { + "description": "Required. URI for this repository.", + "type": "string" + } + }, + "required": [ + "archiveType", + "components", + "distribution", + "uri" + ], + "type": "object", + "additionalProperties": false + }, + "goo": { + "description": "A Goo Repository.", + "properties": { + "name": { + "description": "Required. The name of the repository.", + "type": "string" + }, + "url": { + "description": "Required. The url of the repository.", + "type": "string" + } + }, + "required": [ + "name", + "url" + ], + "type": "object", + "additionalProperties": false + }, + "yum": { + "description": "A Yum Repository.", + "properties": { + "baseUrl": { + "description": "Required. The location of the repository directory.", + "type": "string" + }, + "displayName": { + "description": "The display name of the repository.", + "type": "string" + }, + "gpgKeys": { + "description": "URIs of GPG keys.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "Required. A one word, unique name for this repository. This is the `repo id` in the yum config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for resource conflicts.", + "type": "string" + } + }, + "required": [ + "baseUrl", + "id" + ], + "type": "object", + "additionalProperties": false + }, + "zypper": { + "description": "A Zypper Repository.", + "properties": { + "baseUrl": { + "description": "Required. The location of the repository directory.", + "type": "string" + }, + "displayName": { + "description": "The display name of the repository.", + "type": "string" + }, + "gpgKeys": { + "description": "URIs of GPG keys.", + "items": { + "type": "string" + }, + "type": "array" + }, + "id": { + "description": "Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.", + "type": "string" + } + }, + "required": [ + "baseUrl", + "id" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "id" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "resources" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "id", + "mode", + "resourceGroups" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rollout": { + "description": "Required. Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.", + "properties": { + "disruptionBudget": { + "description": "Required. The maximum number (or percentage) of VMs per zone to disrupt at any given moment.", + "properties": { + "fixed": { + "description": "Specifies a fixed value.", + "format": "int64", + "type": "integer" + }, + "percent": { + "description": "Specifies the relative value defined as a percentage, which will be multiplied by a reference value.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minWaitDuration": { + "description": "Required. This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the `disruption_budget` at least until this duration of time has passed after configuration changes are applied.", + "type": "string" + } + }, + "required": [ + "disruptionBudget", + "minWaitDuration" + ], + "type": "object", + "additionalProperties": false + }, + "skipAwaitRollout": { + "description": "Set to true to skip awaiting rollout during resource creation and update.", + "type": "boolean" + } + }, + "required": [ + "instanceFilter", + "location", + "osPolicies", + "projectRef", + "rollout" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "baseline": { + "description": "Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision. For a given OS policy assignment, there is only one revision with a value of `true` for this field.", + "type": "boolean" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "deleted": { + "description": "Output only. Indicates that this revision deletes the OS policy assignment.", + "type": "boolean" + }, + "etag": { + "description": "The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "Output only. Indicates that reconciliation is in progress for the revision. This value is `true` when the `rollout_state` is one of: * IN_PROGRESS * CANCELLING", + "type": "boolean" + }, + "revisionCreateTime": { + "description": "Output only. The timestamp that the revision was created.", + "format": "date-time", + "type": "string" + }, + "revisionId": { + "description": "Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment", + "type": "string" + }, + "rolloutState": { + "description": "Output only. OS policy assignment rollout state Possible values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, SUCCEEDED", + "type": "string" + }, + "uid": { + "description": "Output only. Server generated unique id for the OS policy assignment resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/privateca.cnrm.cloud.google.com/privatecacapool_v1beta1.json b/privateca.cnrm.cloud.google.com/privatecacapool_v1beta1.json new file mode 100644 index 00000000..6ed4f349 --- /dev/null +++ b/privateca.cnrm.cloud.google.com/privatecacapool_v1beta1.json @@ -0,0 +1,485 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "issuancePolicy": { + "description": "Optional. The IssuancePolicy to control how Certificates will be issued from this CaPool.", + "properties": { + "allowedIssuanceModes": { + "description": "Optional. If specified, then only methods allowed in the IssuanceModes may be used to issue Certificates.", + "properties": { + "allowConfigBasedIssuance": { + "description": "Optional. When true, allows callers to create Certificates by specifying a CertificateConfig.", + "type": "boolean" + }, + "allowCsrBasedIssuance": { + "description": "Optional. When true, allows callers to create Certificates by specifying a CSR.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "allowedKeyTypes": { + "description": "Optional. If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here. Otherwise, any key may be used.", + "items": { + "properties": { + "ellipticCurve": { + "description": "Represents an allowed Elliptic Curve key type.", + "properties": { + "signatureAlgorithm": { + "description": "Optional. A signature algorithm that must be used. If this is omitted, any EC-based signature algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, ECDSA_P256, ECDSA_P384, EDDSA_25519", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rsa": { + "description": "Represents an allowed RSA key type.", + "properties": { + "maxModulusSize": { + "description": "Optional. The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service will not enforce an explicit upper bound on RSA modulus sizes.", + "format": "int64", + "type": "integer" + }, + "minModulusSize": { + "description": "Optional. The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the service-level min RSA modulus size will continue to apply.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "baselineValues": { + "description": "Optional. A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate request uses a CertificateTemplate that defines conflicting predefined_values for the same properties, the certificate issuance request will fail.", + "properties": { + "additionalExtensions": { + "description": "Optional. Describes custom X.509 extensions.", + "items": { + "properties": { + "critical": { + "description": "Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Required. The value of this X.509 extension.", + "type": "string" + } + }, + "required": [ + "objectId", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aiaOcspServers": { + "description": "Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "caOptions": { + "description": "Optional. Describes options in this X509Parameters that are relevant in a CA certificate.", + "properties": { + "isCa": { + "description": "Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.", + "type": "boolean" + }, + "maxIssuerPathLength": { + "description": "Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.", + "format": "int64", + "type": "integer" + }, + "zeroMaxIssuerPathLength": { + "description": "Optional. When true, the \"path length constraint\" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "keyUsage": { + "description": "Optional. Indicates the intended use for keys that correspond to a certificate.", + "properties": { + "baseKeyUsage": { + "description": "Describes high-level ways in which a key may be used.", + "properties": { + "certSign": { + "description": "The key may be used to sign certificates.", + "type": "boolean" + }, + "contentCommitment": { + "description": "The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".", + "type": "boolean" + }, + "crlSign": { + "description": "The key may be used sign certificate revocation lists.", + "type": "boolean" + }, + "dataEncipherment": { + "description": "The key may be used to encipher data.", + "type": "boolean" + }, + "decipherOnly": { + "description": "The key may be used to decipher only.", + "type": "boolean" + }, + "digitalSignature": { + "description": "The key may be used for digital signatures.", + "type": "boolean" + }, + "encipherOnly": { + "description": "The key may be used to encipher only.", + "type": "boolean" + }, + "keyAgreement": { + "description": "The key may be used in a key agreement protocol.", + "type": "boolean" + }, + "keyEncipherment": { + "description": "The key may be used to encipher other keys.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "extendedKeyUsage": { + "description": "Detailed scenarios in which a key may be used.", + "properties": { + "clientAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "codeSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".", + "type": "boolean" + }, + "emailProtection": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".", + "type": "boolean" + }, + "ocspSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".", + "type": "boolean" + }, + "serverAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "timeStamping": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "unknownExtendedKeyUsages": { + "description": "Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyIds": { + "description": "Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "identityConstraints": { + "description": "Optional. Describes constraints on identities that may appear in Certificates issued through this CaPool. If this is omitted, then this CaPool will not add restrictions on a certificate's identity.", + "properties": { + "allowSubjectAltNamesPassthrough": { + "description": "Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.", + "type": "boolean" + }, + "allowSubjectPassthrough": { + "description": "Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.", + "type": "boolean" + }, + "celExpression": { + "description": "Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel", + "properties": { + "description": { + "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.", + "type": "string" + }, + "expression": { + "description": "Textual representation of an expression in Common Expression Language syntax.", + "type": "string" + }, + "location": { + "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.", + "type": "string" + }, + "title": { + "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "allowSubjectAltNamesPassthrough", + "allowSubjectPassthrough" + ], + "type": "object", + "additionalProperties": false + }, + "maximumLifetime": { + "description": "Optional. The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority expires before a Certificate's requested maximum_lifetime, the effective lifetime will be explicitly truncated to match it.", + "type": "string" + }, + "passthroughExtensions": { + "description": "Optional. Describes the set of X.509 extensions that may appear in a Certificate issued through this CaPool. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If a certificate request uses a CertificateTemplate with predefined_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this CaPool will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CaPool's baseline_values.", + "properties": { + "additionalExtensions": { + "description": "Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "knownExtensions": { + "description": "Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "publishingOptions": { + "description": "Optional. The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.", + "properties": { + "publishCaCert": { + "description": "Optional. When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\" X.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding X.509 extension will not be written in issued certificates.", + "type": "boolean" + }, + "publishCrl": { + "description": "Optional. When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension in all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not be written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are also rebuilt shortly after a certificate is revoked.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "tier": { + "description": "Immutable. Required. Immutable. The Tier of this CaPool. Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS", + "type": "string" + } + }, + "required": [ + "location", + "projectRef", + "tier" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/privateca.cnrm.cloud.google.com/privatecacertificate_v1beta1.json b/privateca.cnrm.cloud.google.com/privatecacertificate_v1beta1.json new file mode 100644 index 00000000..3035757d --- /dev/null +++ b/privateca.cnrm.cloud.google.com/privatecacertificate_v1beta1.json @@ -0,0 +1,1028 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "caPoolRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The ca_pool for the resource\n\nAllowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateAuthorityRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The certificate authority for the resource\n\nAllowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateTemplateRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate.\n\nAllowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "config": { + "description": "Immutable. Immutable. A description of the certificate and key that does not require X.509 or ASN.1.", + "properties": { + "publicKey": { + "description": "Immutable. Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.", + "properties": { + "format": { + "description": "Immutable. Required. The format of the public key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM", + "type": "string" + }, + "key": { + "description": "Immutable. Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field.", + "type": "string" + } + }, + "required": [ + "format", + "key" + ], + "type": "object", + "additionalProperties": false + }, + "subjectConfig": { + "description": "Immutable. Required. Specifies some of the values in a certificate that are related to the subject.", + "properties": { + "subject": { + "description": "Immutable. Required. Contains distinguished name fields such as the common name, location and organization.", + "properties": { + "commonName": { + "description": "Immutable. The \"common name\" of the subject.", + "type": "string" + }, + "countryCode": { + "description": "Immutable. The country code of the subject.", + "type": "string" + }, + "locality": { + "description": "Immutable. The locality or city of the subject.", + "type": "string" + }, + "organization": { + "description": "Immutable. The organization of the subject.", + "type": "string" + }, + "organizationalUnit": { + "description": "Immutable. The organizational_unit of the subject.", + "type": "string" + }, + "postalCode": { + "description": "Immutable. The postal code of the subject.", + "type": "string" + }, + "province": { + "description": "Immutable. The province, territory, or regional state of the subject.", + "type": "string" + }, + "streetAddress": { + "description": "Immutable. The street address of the subject.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectAltName": { + "description": "Immutable. Optional. The subject alternative name fields.", + "properties": { + "dnsNames": { + "description": "Immutable. Contains only valid, fully-qualified host names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "emailAddresses": { + "description": "Immutable. Contains only valid RFC 2822 E-mail addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "Immutable. Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "uris": { + "description": "Immutable. Contains only valid RFC 3986 URIs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "subject" + ], + "type": "object", + "additionalProperties": false + }, + "x509Config": { + "description": "Immutable. Required. Describes how some of the technical X.509 fields in a certificate should be populated.", + "properties": { + "additionalExtensions": { + "description": "Immutable. Optional. Describes custom X.509 extensions.", + "items": { + "properties": { + "critical": { + "description": "Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Immutable. Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Immutable. Required. The value of this X.509 extension.", + "type": "string" + } + }, + "required": [ + "objectId", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aiaOcspServers": { + "description": "Immutable. Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "caOptions": { + "description": "Immutable. Optional. Describes options in this X509Parameters that are relevant in a CA certificate.", + "properties": { + "isCa": { + "description": "Immutable. Optional. When true, the \"CA\" in Basic Constraints extension will be set to true.", + "type": "boolean" + }, + "maxIssuerPathLength": { + "description": "Immutable. Optional. Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail.", + "format": "int64", + "type": "integer" + }, + "nonCa": { + "description": "Immutable. Optional. When true, the \"CA\" in Basic Constraints extension will be set to false. If both `is_ca` and `non_ca` are unset, the extension will be omitted from the CA certificate.", + "type": "boolean" + }, + "zeroMaxIssuerPathLength": { + "description": "Immutable. Optional. When true, the \"path length constraint\" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "keyUsage": { + "description": "Immutable. Optional. Indicates the intended use for keys that correspond to a certificate.", + "properties": { + "baseKeyUsage": { + "description": "Immutable. Describes high-level ways in which a key may be used.", + "properties": { + "certSign": { + "description": "Immutable. The key may be used to sign certificates.", + "type": "boolean" + }, + "contentCommitment": { + "description": "Immutable. The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".", + "type": "boolean" + }, + "crlSign": { + "description": "Immutable. The key may be used sign certificate revocation lists.", + "type": "boolean" + }, + "dataEncipherment": { + "description": "Immutable. The key may be used to encipher data.", + "type": "boolean" + }, + "decipherOnly": { + "description": "Immutable. The key may be used to decipher only.", + "type": "boolean" + }, + "digitalSignature": { + "description": "Immutable. The key may be used for digital signatures.", + "type": "boolean" + }, + "encipherOnly": { + "description": "Immutable. The key may be used to encipher only.", + "type": "boolean" + }, + "keyAgreement": { + "description": "Immutable. The key may be used in a key agreement protocol.", + "type": "boolean" + }, + "keyEncipherment": { + "description": "Immutable. The key may be used to encipher other keys.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "extendedKeyUsage": { + "description": "Immutable. Detailed scenarios in which a key may be used.", + "properties": { + "clientAuth": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "codeSigning": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".", + "type": "boolean" + }, + "emailProtection": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".", + "type": "boolean" + }, + "ocspSigning": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".", + "type": "boolean" + }, + "serverAuth": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "timeStamping": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "unknownExtendedKeyUsages": { + "description": "Immutable. Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.", + "items": { + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyIds": { + "description": "Immutable. Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.", + "items": { + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "subjectConfig", + "x509Config" + ], + "type": "object", + "additionalProperties": false + }, + "lifetime": { + "description": "Immutable. Required. Immutable. The desired lifetime of a certificate. Used to create the \"not_before_time\" and \"not_after_time\" fields inside an X.509 certificate. Note that the lifetime may be truncated if it would extend past the life of any certificate authority in the issuing chain.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "pemCsr": { + "description": "Immutable. Immutable. A pem-encoded X.509 certificate signing request (CSR).", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "subjectMode": { + "description": "Immutable. Immutable. Specifies how the Certificate's identity fields are to be decided. If this is omitted, the `DEFAULT` subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, DEFAULT, REFLECTED_SPIFFE", + "type": "string" + } + }, + "required": [ + "caPoolRef", + "lifetime", + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "certificateDescription": { + "description": "Output only. A structured description of the issued X.509 certificate.", + "properties": { + "aiaIssuingCertificateUrls": { + "description": "Describes lists of issuer CA certificate URLs that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "authorityKeyId": { + "description": "Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1", + "properties": { + "keyId": { + "description": "Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certFingerprint": { + "description": "The hash of the x.509 certificate.", + "properties": { + "sha256Hash": { + "description": "The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "crlDistributionPoints": { + "description": "Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13", + "items": { + "type": "string" + }, + "type": "array" + }, + "publicKey": { + "description": "The public key that corresponds to an issued certificate.", + "properties": { + "format": { + "description": "Required. The format of the public key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM", + "type": "string" + }, + "key": { + "description": "Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectDescription": { + "description": "Describes some of the values in a certificate that are related to the subject and lifetime.", + "properties": { + "hexSerialNumber": { + "description": "The serial number encoded in lowercase hexadecimal.", + "type": "string" + }, + "lifetime": { + "description": "For convenience, the actual lifetime of an issued certificate.", + "type": "string" + }, + "notAfterTime": { + "description": "The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.", + "format": "date-time", + "type": "string" + }, + "notBeforeTime": { + "description": "The time at which the certificate becomes valid.", + "format": "date-time", + "type": "string" + }, + "subject": { + "description": "Contains distinguished name fields such as the common name, location and / organization.", + "properties": { + "commonName": { + "description": "The \"common name\" of the subject.", + "type": "string" + }, + "countryCode": { + "description": "The country code of the subject.", + "type": "string" + }, + "locality": { + "description": "The locality or city of the subject.", + "type": "string" + }, + "organization": { + "description": "The organization of the subject.", + "type": "string" + }, + "organizationalUnit": { + "description": "The organizational_unit of the subject.", + "type": "string" + }, + "postalCode": { + "description": "The postal code of the subject.", + "type": "string" + }, + "province": { + "description": "The province, territory, or regional state of the subject.", + "type": "string" + }, + "streetAddress": { + "description": "The street address of the subject.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectAltName": { + "description": "The subject alternative name fields.", + "properties": { + "customSans": { + "description": "Contains additional subject alternative name values.", + "items": { + "properties": { + "critical": { + "description": "Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Required. The value of this X.509 extension.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsNames": { + "description": "Contains only valid, fully-qualified host names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "emailAddresses": { + "description": "Contains only valid RFC 2822 E-mail addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "uris": { + "description": "Contains only valid RFC 3986 URIs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectKeyId": { + "description": "Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.", + "properties": { + "keyId": { + "description": "Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "x509Description": { + "description": "Describes some of the technical X.509 fields in a certificate.", + "properties": { + "additionalExtensions": { + "description": "Optional. Describes custom X.509 extensions.", + "items": { + "properties": { + "critical": { + "description": "Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Required. The value of this X.509 extension.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aiaOcspServers": { + "description": "Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "caOptions": { + "description": "Optional. Describes options in this X509Parameters that are relevant in a CA certificate.", + "properties": { + "isCa": { + "description": "Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.", + "type": "boolean" + }, + "maxIssuerPathLength": { + "description": "Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "keyUsage": { + "description": "Optional. Indicates the intended use for keys that correspond to a certificate.", + "properties": { + "baseKeyUsage": { + "description": "Describes high-level ways in which a key may be used.", + "properties": { + "certSign": { + "description": "The key may be used to sign certificates.", + "type": "boolean" + }, + "contentCommitment": { + "description": "The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".", + "type": "boolean" + }, + "crlSign": { + "description": "The key may be used sign certificate revocation lists.", + "type": "boolean" + }, + "dataEncipherment": { + "description": "The key may be used to encipher data.", + "type": "boolean" + }, + "decipherOnly": { + "description": "The key may be used to decipher only.", + "type": "boolean" + }, + "digitalSignature": { + "description": "The key may be used for digital signatures.", + "type": "boolean" + }, + "encipherOnly": { + "description": "The key may be used to encipher only.", + "type": "boolean" + }, + "keyAgreement": { + "description": "The key may be used in a key agreement protocol.", + "type": "boolean" + }, + "keyEncipherment": { + "description": "The key may be used to encipher other keys.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "extendedKeyUsage": { + "description": "Detailed scenarios in which a key may be used.", + "properties": { + "clientAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "codeSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".", + "type": "boolean" + }, + "emailProtection": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".", + "type": "boolean" + }, + "ocspSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".", + "type": "boolean" + }, + "serverAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "timeStamping": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "unknownExtendedKeyUsages": { + "description": "Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyIds": { + "description": "Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time at which this Certificate was created.", + "format": "date-time", + "type": "string" + }, + "issuerCertificateAuthority": { + "description": "Output only. The resource name of the issuing CertificateAuthority in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "pemCertificate": { + "description": "Output only. The pem-encoded, signed X.509 certificate.", + "type": "string" + }, + "pemCertificateChain": { + "description": "Output only. The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.", + "items": { + "type": "string" + }, + "type": "array" + }, + "revocationDetails": { + "description": "Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.", + "properties": { + "revocationState": { + "description": "Indicates why a Certificate was revoked. Possible values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE", + "type": "string" + }, + "revocationTime": { + "description": "The time at which this Certificate was revoked.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "updateTime": { + "description": "Output only. The time at which this Certificate was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/privateca.cnrm.cloud.google.com/privatecacertificateauthority_v1beta1.json b/privateca.cnrm.cloud.google.com/privatecacertificateauthority_v1beta1.json new file mode 100644 index 00000000..fb0de7ff --- /dev/null +++ b/privateca.cnrm.cloud.google.com/privatecacertificateauthority_v1beta1.json @@ -0,0 +1,1122 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "caPoolRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The caPool for the resource\n\nAllowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "config": { + "description": "Immutable. Required. Immutable. The config used to create a self-signed X.509 certificate or CSR.", + "properties": { + "subjectConfig": { + "description": "Immutable. Required. Specifies some of the values in a certificate that are related to the subject.", + "properties": { + "subject": { + "description": "Immutable. Required. Contains distinguished name fields such as the common name, location and organization.", + "properties": { + "commonName": { + "description": "Immutable. The \"common name\" of the subject.", + "type": "string" + }, + "countryCode": { + "description": "Immutable. The country code of the subject.", + "type": "string" + }, + "locality": { + "description": "Immutable. The locality or city of the subject.", + "type": "string" + }, + "organization": { + "description": "Immutable. The organization of the subject.", + "type": "string" + }, + "organizationalUnit": { + "description": "Immutable. The organizational_unit of the subject.", + "type": "string" + }, + "postalCode": { + "description": "Immutable. The postal code of the subject.", + "type": "string" + }, + "province": { + "description": "Immutable. The province, territory, or regional state of the subject.", + "type": "string" + }, + "streetAddress": { + "description": "Immutable. The street address of the subject.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectAltName": { + "description": "Immutable. Optional. The subject alternative name fields.", + "properties": { + "customSans": { + "description": "Immutable. Contains additional subject alternative name values.", + "items": { + "properties": { + "critical": { + "description": "Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Immutable. Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Immutable. Required. The value of this X.509 extension.", + "type": "string" + } + }, + "required": [ + "objectId", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsNames": { + "description": "Immutable. Contains only valid, fully-qualified host names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "emailAddresses": { + "description": "Immutable. Contains only valid RFC 2822 E-mail addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "Immutable. Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "uris": { + "description": "Immutable. Contains only valid RFC 3986 URIs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "subject" + ], + "type": "object", + "additionalProperties": false + }, + "x509Config": { + "description": "Immutable. Required. Describes how some of the technical X.509 fields in a certificate should be populated.", + "properties": { + "additionalExtensions": { + "description": "Immutable. Optional. Describes custom X.509 extensions.", + "items": { + "properties": { + "critical": { + "description": "Immutable. Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Immutable. Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Immutable. Required. The value of this X.509 extension.", + "type": "string" + } + }, + "required": [ + "objectId", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "caOptions": { + "description": "Immutable. Optional. Describes options in this X509Parameters that are relevant in a CA certificate.", + "properties": { + "isCa": { + "description": "Immutable. Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.", + "type": "boolean" + }, + "maxIssuerPathLength": { + "description": "Immutable. Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.", + "format": "int64", + "type": "integer" + }, + "zeroMaxIssuerPathLength": { + "description": "Immutable. Optional. When true, the \"path length constraint\" in Basic Constraints extension will be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length are unset, the max path length will be omitted from the CA certificate.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "keyUsage": { + "description": "Immutable. Optional. Indicates the intended use for keys that correspond to a certificate.", + "properties": { + "baseKeyUsage": { + "description": "Immutable. Describes high-level ways in which a key may be used.", + "properties": { + "certSign": { + "description": "Immutable. The key may be used to sign certificates.", + "type": "boolean" + }, + "contentCommitment": { + "description": "Immutable. The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".", + "type": "boolean" + }, + "crlSign": { + "description": "Immutable. The key may be used sign certificate revocation lists.", + "type": "boolean" + }, + "dataEncipherment": { + "description": "Immutable. The key may be used to encipher data.", + "type": "boolean" + }, + "decipherOnly": { + "description": "Immutable. The key may be used to decipher only.", + "type": "boolean" + }, + "digitalSignature": { + "description": "Immutable. The key may be used for digital signatures.", + "type": "boolean" + }, + "encipherOnly": { + "description": "Immutable. The key may be used to encipher only.", + "type": "boolean" + }, + "keyAgreement": { + "description": "Immutable. The key may be used in a key agreement protocol.", + "type": "boolean" + }, + "keyEncipherment": { + "description": "Immutable. The key may be used to encipher other keys.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "extendedKeyUsage": { + "description": "Immutable. Detailed scenarios in which a key may be used.", + "properties": { + "clientAuth": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "codeSigning": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".", + "type": "boolean" + }, + "emailProtection": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".", + "type": "boolean" + }, + "ocspSigning": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".", + "type": "boolean" + }, + "serverAuth": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "timeStamping": { + "description": "Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "unknownExtendedKeyUsages": { + "description": "Immutable. Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.", + "items": { + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyIds": { + "description": "Immutable. Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.", + "items": { + "properties": { + "objectIdPath": { + "description": "Immutable. Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "subjectConfig", + "x509Config" + ], + "type": "object", + "additionalProperties": false + }, + "gcsBucketRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created.\n\nAllowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "keySpec": { + "description": "Immutable. Required. Immutable. Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority is a self-signed CertificateAuthority, this key is also used to sign the self-signed CA certificate. Otherwise, it is used to sign a CSR.", + "properties": { + "algorithm": { + "description": "Immutable. The algorithm to use for creating a managed Cloud KMS key for a for a simplified experience. All managed keys will be have their ProtectionLevel as `HSM`. Possible values: RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, EC_P256_SHA256, EC_P384_SHA384", + "type": "string" + }, + "cloudKmsKeyVersionRef": { + "description": "Immutable.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The resource name for an existing Cloud KMS CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. This option enables full flexibility in the key's capabilities and properties.", + "type": "string" + }, + "name": { + "description": "[WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources.\nName of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "lifetime": { + "description": "Immutable. Required. The desired lifetime of the CA certificate. Used to create the \"not_before_time\" and \"not_after_time\" fields inside an X.509 certificate.", + "type": "string" + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "type": { + "description": "Immutable. Required. Immutable. The Type of this CertificateAuthority. Possible values: SELF_SIGNED, SUBORDINATE", + "type": "string" + } + }, + "required": [ + "caPoolRef", + "config", + "keySpec", + "lifetime", + "location", + "projectRef", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "accessUrls": { + "description": "Output only. URLs for accessing content published by this CA, such as the CA certificate and CRLs.", + "properties": { + "caCertificateAccessUrl": { + "description": "The URL where this CertificateAuthority's CA certificate is published. This will only be set for CAs that have been activated.", + "type": "string" + }, + "crlAccessUrls": { + "description": "The URLs where this CertificateAuthority's CRLs are published. This will only be set for CAs that have been activated.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "caCertificateDescriptions": { + "description": "Output only. A structured description of this CertificateAuthority's CA certificate and its issuers. Ordered as self-to-root.", + "items": { + "properties": { + "aiaIssuingCertificateUrls": { + "description": "Describes lists of issuer CA certificate URLs that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "authorityKeyId": { + "description": "Identifies the subject_key_id of the parent certificate, per https://tools.ietf.org/html/rfc5280#section-4.2.1.1", + "properties": { + "keyId": { + "description": "Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certFingerprint": { + "description": "The hash of the x.509 certificate.", + "properties": { + "sha256Hash": { + "description": "The SHA 256 hash, encoded in hexadecimal, of the DER x509 certificate.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "crlDistributionPoints": { + "description": "Describes a list of locations to obtain CRL information, i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13", + "items": { + "type": "string" + }, + "type": "array" + }, + "publicKey": { + "description": "The public key that corresponds to an issued certificate.", + "properties": { + "format": { + "description": "Required. The format of the public key. Possible values: PEM", + "type": "string" + }, + "key": { + "description": "Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectDescription": { + "description": "Describes some of the values in a certificate that are related to the subject and lifetime.", + "properties": { + "hexSerialNumber": { + "description": "The serial number encoded in lowercase hexadecimal.", + "type": "string" + }, + "lifetime": { + "description": "For convenience, the actual lifetime of an issued certificate.", + "type": "string" + }, + "notAfterTime": { + "description": "The time after which the certificate is expired. Per RFC 5280, the validity period for a certificate is the period of time from not_before_time through not_after_time, inclusive. Corresponds to 'not_before_time' + 'lifetime' - 1 second.", + "format": "date-time", + "type": "string" + }, + "notBeforeTime": { + "description": "The time at which the certificate becomes valid.", + "format": "date-time", + "type": "string" + }, + "subject": { + "description": "Contains distinguished name fields such as the common name, location and organization.", + "properties": { + "commonName": { + "description": "The \"common name\" of the subject.", + "type": "string" + }, + "countryCode": { + "description": "The country code of the subject.", + "type": "string" + }, + "locality": { + "description": "The locality or city of the subject.", + "type": "string" + }, + "organization": { + "description": "The organization of the subject.", + "type": "string" + }, + "organizationalUnit": { + "description": "The organizational_unit of the subject.", + "type": "string" + }, + "postalCode": { + "description": "The postal code of the subject.", + "type": "string" + }, + "province": { + "description": "The province, territory, or regional state of the subject.", + "type": "string" + }, + "streetAddress": { + "description": "The street address of the subject.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectAltName": { + "description": "The subject alternative name fields.", + "properties": { + "customSans": { + "description": "Contains additional subject alternative name values.", + "items": { + "properties": { + "critical": { + "description": "Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Required. The value of this X.509 extension.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "dnsNames": { + "description": "Contains only valid, fully-qualified host names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "emailAddresses": { + "description": "Contains only valid RFC 2822 E-mail addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ipAddresses": { + "description": "Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.", + "items": { + "type": "string" + }, + "type": "array" + }, + "uris": { + "description": "Contains only valid RFC 3986 URIs.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "subjectKeyId": { + "description": "Provides a means of identifiying certificates that contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2.", + "properties": { + "keyId": { + "description": "Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "x509Description": { + "description": "Describes some of the technical X.509 fields in a certificate.", + "properties": { + "additionalExtensions": { + "description": "Optional. Describes custom X.509 extensions.", + "items": { + "properties": { + "critical": { + "description": "Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Required. The value of this X.509 extension.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aiaOcspServers": { + "description": "Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "caOptions": { + "description": "Optional. Describes options in this X509Parameters that are relevant in a CA certificate.", + "properties": { + "isCa": { + "description": "Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.", + "type": "boolean" + }, + "maxIssuerPathLength": { + "description": "Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "keyUsage": { + "description": "Optional. Indicates the intended use for keys that correspond to a certificate.", + "properties": { + "baseKeyUsage": { + "description": "Describes high-level ways in which a key may be used.", + "properties": { + "certSign": { + "description": "The key may be used to sign certificates.", + "type": "boolean" + }, + "contentCommitment": { + "description": "The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".", + "type": "boolean" + }, + "crlSign": { + "description": "The key may be used sign certificate revocation lists.", + "type": "boolean" + }, + "dataEncipherment": { + "description": "The key may be used to encipher data.", + "type": "boolean" + }, + "decipherOnly": { + "description": "The key may be used to decipher only.", + "type": "boolean" + }, + "digitalSignature": { + "description": "The key may be used for digital signatures.", + "type": "boolean" + }, + "encipherOnly": { + "description": "The key may be used to encipher only.", + "type": "boolean" + }, + "keyAgreement": { + "description": "The key may be used in a key agreement protocol.", + "type": "boolean" + }, + "keyEncipherment": { + "description": "The key may be used to encipher other keys.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "extendedKeyUsage": { + "description": "Detailed scenarios in which a key may be used.", + "properties": { + "clientAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "codeSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".", + "type": "boolean" + }, + "emailProtection": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".", + "type": "boolean" + }, + "ocspSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".", + "type": "boolean" + }, + "serverAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "timeStamping": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "unknownExtendedKeyUsages": { + "description": "Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyIds": { + "description": "Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "config": { + "properties": { + "publicKey": { + "description": "Optional. The public key that corresponds to this config. This is, for example, used when issuing Certificates, but not when creating a self-signed CertificateAuthority or CertificateAuthority CSR.", + "properties": { + "format": { + "description": "Required. The format of the public key. Possible values: PEM", + "type": "string" + }, + "key": { + "description": "Required. A public key. The padding and encoding must match with the `KeyFormat` value specified for the `format` field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "x509Config": { + "properties": { + "aiaOcspServers": { + "description": "Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "createTime": { + "description": "Output only. The time at which this CertificateAuthority was created.", + "format": "date-time", + "type": "string" + }, + "deleteTime": { + "description": "Output only. The time at which this CertificateAuthority was soft deleted, if it is in the DELETED state.", + "format": "date-time", + "type": "string" + }, + "expireTime": { + "description": "Output only. The time at which this CertificateAuthority will be permanently purged, if it is in the DELETED state.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "pemCaCertificates": { + "description": "Output only. This CertificateAuthority's certificate chain, including the current CertificateAuthority's certificate. Ordered such that the root issuer is the final element (consistent with RFC 5246). For a self-signed CA, this will only list the current CertificateAuthority's certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "state": { + "description": "Output only. The State for this CertificateAuthority. Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, DELETED", + "type": "string" + }, + "subordinateConfig": { + "description": "Optional. If this is a subordinate CertificateAuthority, this field will be set with the subordinate configuration, which describes its issuers. This may be updated, but this CertificateAuthority must continue to validate.", + "properties": { + "certificateAuthority": { + "description": "Required. This can refer to a CertificateAuthority in the same project that was used to create a subordinate CertificateAuthority. This field is used for information and usability purposes only. The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`.", + "type": "string" + }, + "pemIssuerChain": { + "description": "Required. Contains the PEM certificate chain for the issuers of this CertificateAuthority, but not pem certificate for this CA itself.", + "properties": { + "pemCertificates": { + "description": "Required. Expected to be in leaf-to-root order according to RFC 5246.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "tier": { + "description": "Output only. The CaPool.Tier of the CaPool that includes this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time at which this CertificateAuthority was last updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/privateca.cnrm.cloud.google.com/privatecacertificatetemplate_v1beta1.json b/privateca.cnrm.cloud.google.com/privatecacertificatetemplate_v1beta1.json new file mode 100644 index 00000000..a4627586 --- /dev/null +++ b/privateca.cnrm.cloud.google.com/privatecacertificatetemplate_v1beta1.json @@ -0,0 +1,411 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Optional. A human-readable description of scenarios this template is intended for.", + "type": "string" + }, + "identityConstraints": { + "description": "Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.", + "properties": { + "allowSubjectAltNamesPassthrough": { + "description": "Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.", + "type": "boolean" + }, + "allowSubjectPassthrough": { + "description": "Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.", + "type": "boolean" + }, + "celExpression": { + "description": "Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel", + "properties": { + "description": { + "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.", + "type": "string" + }, + "expression": { + "description": "Textual representation of an expression in Common Expression Language syntax.", + "type": "string" + }, + "location": { + "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.", + "type": "string" + }, + "title": { + "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "allowSubjectAltNamesPassthrough", + "allowSubjectPassthrough" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The location for the resource", + "type": "string" + }, + "passthroughExtensions": { + "description": "Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.", + "properties": { + "additionalExtensions": { + "description": "Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "knownExtensions": { + "description": "Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "predefinedValues": { + "description": "Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.", + "properties": { + "additionalExtensions": { + "description": "Optional. Describes custom X.509 extensions.", + "items": { + "properties": { + "critical": { + "description": "Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).", + "type": "boolean" + }, + "objectId": { + "description": "Required. The OID for this X.509 extension.", + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Required. The value of this X.509 extension.", + "type": "string" + } + }, + "required": [ + "objectId", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "aiaOcspServers": { + "description": "Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + }, + "caOptions": { + "description": "Optional. Describes options in this X509Parameters that are relevant in a CA certificate.", + "properties": { + "isCa": { + "description": "Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.", + "type": "boolean" + }, + "maxIssuerPathLength": { + "description": "Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "keyUsage": { + "description": "Optional. Indicates the intended use for keys that correspond to a certificate.", + "properties": { + "baseKeyUsage": { + "description": "Describes high-level ways in which a key may be used.", + "properties": { + "certSign": { + "description": "The key may be used to sign certificates.", + "type": "boolean" + }, + "contentCommitment": { + "description": "The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".", + "type": "boolean" + }, + "crlSign": { + "description": "The key may be used sign certificate revocation lists.", + "type": "boolean" + }, + "dataEncipherment": { + "description": "The key may be used to encipher data.", + "type": "boolean" + }, + "decipherOnly": { + "description": "The key may be used to decipher only.", + "type": "boolean" + }, + "digitalSignature": { + "description": "The key may be used for digital signatures.", + "type": "boolean" + }, + "encipherOnly": { + "description": "The key may be used to encipher only.", + "type": "boolean" + }, + "keyAgreement": { + "description": "The key may be used in a key agreement protocol.", + "type": "boolean" + }, + "keyEncipherment": { + "description": "The key may be used to encipher other keys.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "extendedKeyUsage": { + "description": "Detailed scenarios in which a key may be used.", + "properties": { + "clientAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "codeSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".", + "type": "boolean" + }, + "emailProtection": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".", + "type": "boolean" + }, + "ocspSigning": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".", + "type": "boolean" + }, + "serverAuth": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.", + "type": "boolean" + }, + "timeStamping": { + "description": "Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "unknownExtendedKeyUsages": { + "description": "Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "policyIds": { + "description": "Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.", + "items": { + "properties": { + "objectIdPath": { + "description": "Required. The parts of an OID path. The most significant parts of the path come first.", + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "required": [ + "objectIdPath" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. The time at which this CertificateTemplate was created.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. The time at which this CertificateTemplate was updated.", + "format": "date-time", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/pubsub.cnrm.cloud.google.com/pubsubschema_v1beta1.json b/pubsub.cnrm.cloud.google.com/pubsubschema_v1beta1.json new file mode 100644 index 00000000..af5c893e --- /dev/null +++ b/pubsub.cnrm.cloud.google.com/pubsubschema_v1beta1.json @@ -0,0 +1,130 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "definition": { + "description": "The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "type": { + "description": "The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"].", + "type": "string" + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/pubsub.cnrm.cloud.google.com/pubsubsubscription_v1beta1.json b/pubsub.cnrm.cloud.google.com/pubsubsubscription_v1beta1.json new file mode 100644 index 00000000..b45c2e27 --- /dev/null +++ b/pubsub.cnrm.cloud.google.com/pubsubsubscription_v1beta1.json @@ -0,0 +1,451 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "ackDeadlineSeconds": { + "description": "This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.", + "type": "integer" + }, + "bigqueryConfig": { + "description": "If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.", + "properties": { + "dropUnknownFields": { + "description": "When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery.\nOtherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog.", + "type": "boolean" + }, + "tableRef": { + "description": "The name of the table to which to write data.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, where {{value}} is the `name` field of a `BigQueryTable` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "useTopicSchema": { + "description": "When true, use the topic's schema as the columns to write to in BigQuery, if it exists.", + "type": "boolean" + }, + "writeMetadata": { + "description": "When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.", + "type": "boolean" + } + }, + "required": [ + "tableRef" + ], + "type": "object", + "additionalProperties": false + }, + "cloudStorageConfig": { + "description": "If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.", + "properties": { + "avroConfig": { + "description": "If set, message data will be written to Cloud Storage in Avro format.", + "properties": { + "writeMetadata": { + "description": "When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "bucketRef": { + "description": "User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like \"gs://\".", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "filenamePrefix": { + "description": "User-provided prefix for Cloud Storage filename.", + "type": "string" + }, + "filenameSuffix": { + "description": "User-provided suffix for Cloud Storage filename. Must not end in \"/\".", + "type": "string" + }, + "maxBytes": { + "description": "The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB.\nThe maxBytes limit may be exceeded in cases where messages are larger than the limit.", + "type": "integer" + }, + "maxDuration": { + "description": "The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes.\nMay not exceed the subscription's acknowledgement deadline.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".", + "type": "string" + }, + "state": { + "description": "An output-only field that indicates whether or not the subscription can receive messages.", + "type": "string" + } + }, + "required": [ + "bucketRef" + ], + "type": "object", + "additionalProperties": false + }, + "deadLetterPolicy": { + "description": "A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.", + "properties": { + "deadLetterTopicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "maxDeliveryAttempts": { + "description": "The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "enableExactlyOnceDelivery": { + "description": "If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values.", + "type": "boolean" + }, + "enableMessageOrdering": { + "description": "Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.", + "type": "boolean" + }, + "expirationPolicy": { + "description": "A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.", + "properties": { + "ttl": { + "description": "Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".", + "type": "string" + } + }, + "required": [ + "ttl" + ], + "type": "object", + "additionalProperties": false + }, + "filter": { + "description": "Immutable. The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.", + "type": "string" + }, + "messageRetentionDuration": { + "description": "How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.", + "type": "string" + }, + "pushConfig": { + "description": "If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.", + "properties": { + "attributes": { + "additionalProperties": { + "type": "string" + }, + "description": "Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.", + "type": "object" + }, + "noWrapper": { + "description": "When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.", + "properties": { + "writeMetadata": { + "description": "When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-:' headers of the HTTP request. Writes the\nPub/Sub message attributes to ':' headers of the HTTP request.", + "type": "boolean" + } + }, + "required": [ + "writeMetadata" + ], + "type": "object", + "additionalProperties": false + }, + "oidcToken": { + "description": "If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.", + "properties": { + "audience": { + "description": "Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.", + "type": "string" + }, + "serviceAccountEmail": { + "description": "Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.", + "type": "string" + } + }, + "required": [ + "serviceAccountEmail" + ], + "type": "object", + "additionalProperties": false + }, + "pushEndpoint": { + "description": "A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".", + "type": "string" + } + }, + "required": [ + "pushEndpoint" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "retainAckedMessages": { + "description": "Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.", + "type": "boolean" + }, + "retryPolicy": { + "description": "A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message.", + "properties": { + "maximumBackoff": { + "description": "The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "minimumBackoff": { + "description": "The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "topicRef": { + "description": "Reference to a PubSubTopic.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/pubsub.cnrm.cloud.google.com/pubsubtopic_v1beta1.json b/pubsub.cnrm.cloud.google.com/pubsubtopic_v1beta1.json new file mode 100644 index 00000000..ee7b396b --- /dev/null +++ b/pubsub.cnrm.cloud.google.com/pubsubtopic_v1beta1.json @@ -0,0 +1,200 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "kmsKeyRef": { + "description": "The KMSCryptoKey to be used to protect access to messages published\non this topic. Your project's Pub/Sub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com')\nmust have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this\nfeature.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "messageRetentionDuration": { + "description": "Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nCannot be more than 31 days or less than 10 minutes.", + "type": "string" + }, + "messageStoragePolicy": { + "description": "Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.", + "properties": { + "allowedPersistenceRegions": { + "description": "A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "allowedPersistenceRegions" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "schemaSettings": { + "description": "Settings for validating messages published against a schema.", + "properties": { + "encoding": { + "description": "The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"].", + "type": "string" + }, + "schemaRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, where {{value}} is the `name` field of a `PubSubSchema` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "schemaRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/pubsublite.cnrm.cloud.google.com/pubsublitereservation_v1beta1.json b/pubsublite.cnrm.cloud.google.com/pubsublitereservation_v1beta1.json new file mode 100644 index 00000000..2b75a3cc --- /dev/null +++ b/pubsublite.cnrm.cloud.google.com/pubsublitereservation_v1beta1.json @@ -0,0 +1,132 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "The region of the pubsub lite reservation.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "throughputCapacity": { + "description": "The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.", + "type": "integer" + } + }, + "required": [ + "projectRef", + "region", + "throughputCapacity" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/recaptchaenterprise.cnrm.cloud.google.com/recaptchaenterprisekey_v1beta1.json b/recaptchaenterprise.cnrm.cloud.google.com/recaptchaenterprisekey_v1beta1.json new file mode 100644 index 00000000..cce699a8 --- /dev/null +++ b/recaptchaenterprise.cnrm.cloud.google.com/recaptchaenterprisekey_v1beta1.json @@ -0,0 +1,236 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "androidSettings": { + "description": "Settings for keys that can be used by Android apps.", + "properties": { + "allowAllPackageNames": { + "description": "If set to true, it means allowed_package_names will not be enforced.", + "type": "boolean" + }, + "allowedPackageNames": { + "description": "Android package names of apps allowed to use the key. Example: 'com.companyname.appname'", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "Human-readable display name of this key. Modifiable by user.", + "type": "string" + }, + "iosSettings": { + "description": "Settings for keys that can be used by iOS apps.", + "properties": { + "allowAllBundleIds": { + "description": "If set to true, it means allowed_bundle_ids will not be enforced.", + "type": "boolean" + }, + "allowedBundleIds": { + "description": "iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The Project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "The project for the resource\n\nAllowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "testingOptions": { + "description": "Immutable. Options for user acceptance testing.", + "properties": { + "testingChallenge": { + "description": "Immutable. For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE", + "type": "string" + }, + "testingScore": { + "description": "Immutable. All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.", + "format": "double", + "type": "number" + } + }, + "type": "object", + "additionalProperties": false + }, + "wafSettings": { + "description": "Immutable. Settings specific to keys that can be used for WAF (Web Application Firewall).", + "properties": { + "wafFeature": { + "description": "Immutable. Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS", + "type": "string" + }, + "wafService": { + "description": "Immutable. The WAF service that uses this key. Possible values: CA, FASTLY", + "type": "string" + } + }, + "required": [ + "wafFeature", + "wafService" + ], + "type": "object", + "additionalProperties": false + }, + "webSettings": { + "description": "Settings for keys that can be used by websites.", + "properties": { + "allowAllDomains": { + "description": "If set to true, it means allowed_domains will not be enforced.", + "type": "boolean" + }, + "allowAmpTraffic": { + "description": "If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.", + "type": "boolean" + }, + "allowedDomains": { + "description": "Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'", + "items": { + "type": "string" + }, + "type": "array" + }, + "challengeSecurityPreference": { + "description": "Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY", + "type": "string" + }, + "integrationType": { + "description": "Immutable. Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE", + "type": "string" + } + }, + "required": [ + "integrationType" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "displayName", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The timestamp corresponding to the creation of this Key.", + "format": "date-time", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/redis.cnrm.cloud.google.com/redisinstance_v1beta1.json b/redis.cnrm.cloud.google.com/redisinstance_v1beta1.json new file mode 100644 index 00000000..fe141b95 --- /dev/null +++ b/redis.cnrm.cloud.google.com/redisinstance_v1beta1.json @@ -0,0 +1,458 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "alternativeLocationId": { + "description": "Immutable. Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].", + "type": "string" + }, + "authEnabled": { + "description": "Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.", + "type": "boolean" + }, + "authString": { + "description": "Output only. AUTH String set on the instance. This field will only be populated if auth_enabled is true.", + "type": "string" + }, + "authorizedNetworkRef": { + "description": "The network to which the instance is connected. If left\nunspecified, the default network will be used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "connectMode": { + "description": "Immutable. The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"].", + "type": "string" + }, + "customerManagedKeyRef": { + "description": "Immutable. Optional. The KMS key reference that you want to use to\nencrypt the data at rest for this Redis instance. If this is\nprovided, CMEK is enabled.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "displayName": { + "description": "An arbitrary and optional user-provided name for the instance.", + "type": "string" + }, + "locationId": { + "description": "Immutable. The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].", + "type": "string" + }, + "maintenancePolicy": { + "description": "Maintenance policy for an instance.", + "properties": { + "createTime": { + "description": "Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "description": { + "description": "Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.", + "type": "string" + }, + "updateTime": { + "description": "Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "weeklyMaintenanceWindow": { + "description": "Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.", + "items": { + "properties": { + "day": { + "description": "Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"].", + "type": "string" + }, + "duration": { + "description": "Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "startTime": { + "description": "Required. Start time of the window in UTC time.", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "day", + "startTime" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "maintenanceSchedule": { + "description": "Upcoming maintenance schedule.", + "items": { + "properties": { + "endTime": { + "description": "Output only. The end time of any upcoming scheduled maintenance for this instance.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "scheduleDeadlineTime": { + "description": "Output only. The deadline that the maintenance schedule start time\ncan not go beyond, including reschedule.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "startTime": { + "description": "Output only. The start time of any upcoming scheduled maintenance for this instance.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "memorySizeGb": { + "description": "Redis memory size in GiB.", + "type": "integer" + }, + "persistenceConfig": { + "description": "Persistence configuration for an instance.", + "properties": { + "persistenceMode": { + "description": "Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"].", + "type": "string" + }, + "rdbNextSnapshotTime": { + "description": "Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "rdbSnapshotPeriod": { + "description": "Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"].", + "type": "string" + }, + "rdbSnapshotStartTime": { + "description": "Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "readReplicasMode": { + "description": "Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"].", + "type": "string" + }, + "redisConfigs": { + "additionalProperties": { + "type": "string" + }, + "description": "Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs.", + "type": "object" + }, + "redisVersion": { + "description": "The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.", + "type": "string" + }, + "region": { + "description": "Immutable. The name of the Redis region of the instance.", + "type": "string" + }, + "replicaCount": { + "description": "Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.", + "type": "integer" + }, + "reservedIpRange": { + "description": "Immutable. The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "secondaryIpRange": { + "description": "Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".", + "type": "string" + }, + "tier": { + "description": "Immutable. The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"].", + "type": "string" + }, + "transitEncryptionMode": { + "description": "Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"].", + "type": "string" + } + }, + "required": [ + "memorySizeGb", + "region" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.", + "type": "string" + }, + "currentLocationId": { + "description": "The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.", + "type": "string" + }, + "host": { + "description": "Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.", + "type": "string" + }, + "maintenanceSchedule": { + "description": "Upcoming maintenance schedule.", + "items": { + "properties": { + "endTime": { + "description": "Output only. The end time of any upcoming scheduled maintenance for this instance.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "scheduleDeadlineTime": { + "description": "Output only. The deadline that the maintenance schedule start time\ncan not go beyond, including reschedule.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + }, + "startTime": { + "description": "Output only. The start time of any upcoming scheduled maintenance for this instance.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "nodes": { + "description": "Output only. Info per node.", + "items": { + "properties": { + "id": { + "description": "Node identifying string. e.g. 'node-0', 'node-1'.", + "type": "string" + }, + "zone": { + "description": "Location of the node.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "observedState": { + "description": "The observed state of the underlying GCP resource.", + "properties": { + "authString": { + "description": "Output only. AUTH String set on the instance. This field will only be populated if auth_enabled is true.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "persistenceIamIdentity": { + "description": "Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.", + "type": "string" + }, + "port": { + "description": "The port number of the exposed Redis endpoint.", + "type": "integer" + }, + "readEndpoint": { + "description": "Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.", + "type": "string" + }, + "readEndpointPort": { + "description": "Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.", + "type": "integer" + }, + "serverCaCerts": { + "description": "List of server CA certificates for the instance.", + "items": { + "properties": { + "cert": { + "description": "The certificate data in PEM format.", + "type": "string" + }, + "createTime": { + "description": "The time when the certificate was created.", + "type": "string" + }, + "expireTime": { + "description": "The time when the certificate expires.", + "type": "string" + }, + "serialNumber": { + "description": "Serial number, as extracted from the certificate.", + "type": "string" + }, + "sha1Fingerprint": { + "description": "Sha1 Fingerprint of the certificate.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/resourcemanager.cnrm.cloud.google.com/folder_v1beta1.json b/resourcemanager.cnrm.cloud.google.com/folder_v1beta1.json new file mode 100644 index 00000000..940d92ea --- /dev/null +++ b/resourcemanager.cnrm.cloud.google.com/folder_v1beta1.json @@ -0,0 +1,220 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + } + ] + } + } + ], + "properties": { + "displayName": { + "description": "The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.", + "type": "string" + }, + "folderRef": { + "description": "The folder that this resource belongs to. Changing this forces the\nresource to be migrated to the newly specified folder. Only one of\nfolderRef or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `folderId` field of a `Folder` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "organizationRef": { + "description": "The organization that this resource belongs to. Changing this\nforces the resource to be migrated to the newly specified\norganization. Only one of folderRef or organizationRef may be\nspecified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `Organization` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "displayName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "folderId": { + "description": "The folder id from the name \"folders/{folder_id}\".", + "type": "string" + }, + "lifecycleState": { + "description": "The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.", + "type": "string" + }, + "name": { + "description": "The resource name of the Folder. Its format is folders/{folder_id}.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/resourcemanager.cnrm.cloud.google.com/project_v1beta1.json b/resourcemanager.cnrm.cloud.google.com/project_v1beta1.json new file mode 100644 index 00000000..7727c4b2 --- /dev/null +++ b/resourcemanager.cnrm.cloud.google.com/project_v1beta1.json @@ -0,0 +1,257 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "oneOf": [ + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "folderRef" + ] + }, + { + "required": [ + "organizationRef" + ] + } + ] + } + } + ], + "properties": { + "billingAccountRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `BillingAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "folderRef": { + "description": "The folder that this resource belongs to. Changing this forces the\nresource to be migrated to the newly specified folder. Only one of\nfolderRef or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `folderId` field of a `Folder` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "The display name of the project.", + "type": "string" + }, + "organizationRef": { + "description": "The organization that this resource belongs to. Changing this\nforces the resource to be migrated to the newly specified\norganization. Only one of folderRef or organizationRef may be\nspecified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `Organization` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The projectId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "number": { + "description": "The numeric identifier of the project.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/resourcemanager.cnrm.cloud.google.com/resourcemanagerlien_v1beta1.json b/resourcemanager.cnrm.cloud.google.com/resourcemanagerlien_v1beta1.json new file mode 100644 index 00000000..8a9eec8b --- /dev/null +++ b/resourcemanager.cnrm.cloud.google.com/resourcemanagerlien_v1beta1.json @@ -0,0 +1,153 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "origin": { + "description": "Immutable. A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.", + "type": "string" + }, + "parent": { + "properties": { + "projectRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "reason": { + "description": "Immutable. Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "restrictions": { + "description": "Immutable. The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete'].", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "origin", + "parent", + "reason", + "restrictions" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Time of creation.", + "type": "string" + }, + "name": { + "description": "A system-generated unique identifier for this Lien.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/resourcemanager.cnrm.cloud.google.com/resourcemanagerpolicy_v1beta1.json b/resourcemanager.cnrm.cloud.google.com/resourcemanagerpolicy_v1beta1.json new file mode 100644 index 00000000..6235801d --- /dev/null +++ b/resourcemanager.cnrm.cloud.google.com/resourcemanagerpolicy_v1beta1.json @@ -0,0 +1,313 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "booleanPolicy": { + "description": "A boolean policy is a constraint that is either enforced or not.", + "properties": { + "enforced": { + "description": "If true, then the Policy is enforced. If false, then any configuration is acceptable.", + "type": "boolean" + } + }, + "required": [ + "enforced" + ], + "type": "object", + "additionalProperties": false + }, + "constraint": { + "description": "Immutable. The name of the Constraint the Policy is configuring, for example, serviceuser.services.", + "type": "string" + }, + "folderRef": { + "description": "The folder on which to configure the constraint. Only one of\nprojectRef, folderRef, or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Folder` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "listPolicy": { + "description": "A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. .", + "properties": { + "allow": { + "description": "One or the other must be set.", + "properties": { + "all": { + "description": "The policy allows or denies all values.", + "type": "boolean" + }, + "values": { + "description": "The policy can define specific values that are allowed or denied.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "deny": { + "description": "One or the other must be set.", + "properties": { + "all": { + "description": "The policy allows or denies all values.", + "type": "boolean" + }, + "values": { + "description": "The policy can define specific values that are allowed or denied.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "inheritFromParent": { + "description": "If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.", + "type": "boolean" + }, + "suggestedValue": { + "description": "The Google Cloud Console will try to default to a configuration that matches the value specified in this field.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "organizationRef": { + "description": "The organization on which to configure the constraint. Only one of\nprojectRef, folderRef, or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of an `Organization` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "The project on which to configure the constraint. Only one of\nprojectRef, folderRef, or organizationRef may be specified.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "restorePolicy": { + "description": "A restore policy is a constraint to restore the default policy.", + "properties": { + "default": { + "description": "May only be set to true. If set, then the default Policy is restored.", + "type": "boolean" + } + }, + "required": [ + "default" + ], + "type": "object", + "additionalProperties": false + }, + "version": { + "description": "Version of the Policy. Default version is 0.", + "type": "integer" + } + }, + "required": [ + "constraint" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "etag": { + "description": "The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/run.cnrm.cloud.google.com/runjob_v1beta1.json b/run.cnrm.cloud.google.com/runjob_v1beta1.json new file mode 100644 index 00000000..6ae93d77 --- /dev/null +++ b/run.cnrm.cloud.google.com/runjob_v1beta1.json @@ -0,0 +1,1120 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.", + "type": "object" + }, + "binaryAuthorization": { + "description": "Settings for the Binary Authorization feature.", + "properties": { + "breakglassJustification": { + "description": "If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass.", + "type": "string" + }, + "useDefault": { + "description": "If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "client": { + "description": "Arbitrary identifier for the API client.", + "type": "string" + }, + "clientVersion": { + "description": "Arbitrary version identifier for the API client.", + "type": "string" + }, + "launchStage": { + "description": "The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"].", + "type": "string" + }, + "location": { + "description": "Immutable. The location of the cloud run job.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "template": { + "description": "The template used to create executions for this Job.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.", + "type": "object" + }, + "parallelism": { + "description": "Specifies the maximum desired number of tasks the execution should run at given time. Must be <= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.", + "type": "integer" + }, + "taskCount": { + "description": "Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/.", + "type": "integer" + }, + "template": { + "description": "Describes the task(s) that will be created when executing an execution.", + "properties": { + "containers": { + "description": "Holds the single container that defines the unit of execution for this task.", + "items": { + "properties": { + "args": { + "description": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "List of environment variables to set in the container.", + "items": { + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes.", + "type": "string" + }, + "valueSource": { + "description": "Source for the environment variable's value.", + "properties": { + "secretKeyRef": { + "description": "Selects a secret and a specific version from Cloud Secret Manager.", + "properties": { + "secretRef": { + "description": "The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecret` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "versionRef": { + "description": "The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef", + "versionRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "image": { + "description": "URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images.", + "type": "string" + }, + "livenessProbe": { + "description": "DEPRECATED. `liveness_probe` is deprecated. This field is not supported by the Cloud Run API. Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\nThis field is not supported in Cloud Run Job currently.", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.", + "properties": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "properties": { + "name": { + "description": "The header field name.", + "type": "string" + }, + "value": { + "description": "The header field value.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "path": { + "description": "Path to access on the HTTP server. Defaults to '/'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds.", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.", + "properties": { + "port": { + "description": "Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.", + "items": { + "properties": { + "containerPort": { + "description": "Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536.", + "type": "integer" + }, + "name": { + "description": "If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "description": "Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.", + "properties": { + "limits": { + "additionalProperties": { + "type": "string" + }, + "description": "Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "startupProbe": { + "description": "DEPRECATED. `startup_probe` is deprecated. This field is not supported by the Cloud Run API. Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\nThis field is not supported in Cloud Run Job currently.", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer" + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.", + "properties": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "properties": { + "name": { + "description": "The header field name.", + "type": "string" + }, + "value": { + "description": "The header field value.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "path": { + "description": "Path to access on the HTTP server. Defaults to '/'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds.", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.", + "properties": { + "port": { + "description": "Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to 8080.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "volumeMounts": { + "description": "Volume to mount into the container's filesystem.", + "items": { + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run.", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "encryptionKeyRef": { + "description": "A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "executionEnvironment": { + "description": "The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"].", + "type": "string" + }, + "maxRetries": { + "description": "Number of retries allowed per Task, before marking this Task failed.", + "type": "integer" + }, + "serviceAccountRef": { + "description": "Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "description": "Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".", + "type": "string" + }, + "volumes": { + "description": "A list of Volumes to make available to containers.", + "items": { + "properties": { + "emptyDir": { + "description": "Ephemeral storage used as a shared volume.", + "properties": { + "medium": { + "description": "The different types of medium supported for EmptyDir. Default value: \"MEMORY\" Possible values: [\"MEMORY\"].", + "type": "string" + }, + "sizeLimit": { + "description": "Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Volume's name.", + "type": "string" + }, + "secret": { + "description": "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.", + "properties": { + "defaultMode": { + "description": "Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.", + "type": "integer" + }, + "items": { + "description": "If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.", + "items": { + "properties": { + "mode": { + "description": "Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.", + "type": "integer" + }, + "path": { + "description": "The relative path of the secret in the container.", + "type": "string" + }, + "versionRef": { + "description": "The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path", + "versionRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "secretRef": { + "description": "The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecret` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "vpcAccess": { + "description": "VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.", + "properties": { + "connectorRef": { + "description": "VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `VPCAccessConnector` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "egress": { + "description": "Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"].", + "type": "string" + }, + "networkInterfaces": { + "description": "Direct VPC egress settings. Currently only single network interface is supported.", + "items": { + "properties": { + "networkRef": { + "description": "The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "description": "The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tags": { + "description": "Network tags applied to this Cloud Run job.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "template" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef", + "template" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The creation time.", + "type": "string" + }, + "creator": { + "description": "Email address of the authenticated creator.", + "type": "string" + }, + "deleteTime": { + "description": "The deletion time.", + "type": "string" + }, + "etag": { + "description": "A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.", + "type": "string" + }, + "executionCount": { + "description": "Number of executions created for this job.", + "type": "integer" + }, + "expireTime": { + "description": "For a deleted resource, the time after which it will be permamently deleted.", + "type": "string" + }, + "lastModifier": { + "description": "Email address of the last authenticated modifier.", + "type": "string" + }, + "latestCreatedExecution": { + "description": "Name of the last created execution.", + "items": { + "properties": { + "completionTime": { + "description": "Completion timestamp of the execution.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "createTime": { + "description": "Creation timestamp of the execution.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "name": { + "description": "Name of the execution.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions.", + "type": "boolean" + }, + "terminalCondition": { + "description": "The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state.", + "items": { + "properties": { + "executionReason": { + "description": "A reason for the execution condition.", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "message": { + "description": "Human readable message indicating details about the current status.", + "type": "string" + }, + "reason": { + "description": "A common (service-level) reason for this condition.", + "type": "string" + }, + "revisionReason": { + "description": "A reason for the revision condition.", + "type": "string" + }, + "severity": { + "description": "How to interpret failures of this condition, one of Error, Warning, Info.", + "type": "string" + }, + "state": { + "description": "State of the condition.", + "type": "string" + }, + "type": { + "description": "type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * \"Ready\": True when the Resource is ready.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "uid": { + "description": "Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.", + "type": "string" + }, + "updateTime": { + "description": "The last-modified time.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/run.cnrm.cloud.google.com/runservice_v1beta1.json b/run.cnrm.cloud.google.com/runservice_v1beta1.json new file mode 100644 index 00000000..25c09e34 --- /dev/null +++ b/run.cnrm.cloud.google.com/runservice_v1beta1.json @@ -0,0 +1,1282 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.", + "type": "object" + }, + "binaryAuthorization": { + "description": "Settings for the Binary Authorization feature.", + "properties": { + "breakglassJustification": { + "description": "If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass.", + "type": "string" + }, + "useDefault": { + "description": "If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "client": { + "description": "Arbitrary identifier for the API client.", + "type": "string" + }, + "clientVersion": { + "description": "Arbitrary version identifier for the API client.", + "type": "string" + }, + "customAudiences": { + "description": "One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.", + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "description": "User-provided description of the Service. This field currently has a 512-character limit.", + "type": "string" + }, + "ingress": { + "description": "Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"].", + "type": "string" + }, + "launchStage": { + "description": "The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"].", + "type": "string" + }, + "location": { + "description": "Immutable. The location of the cloud run service.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "template": { + "description": "The template used to create revisions for this Service.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.", + "type": "object" + }, + "containers": { + "description": "Holds the containers that define the unit of execution for this Service.", + "items": { + "properties": { + "args": { + "description": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", + "items": { + "type": "string" + }, + "type": "array" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell.", + "items": { + "type": "string" + }, + "type": "array" + }, + "dependsOn": { + "description": "Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.", + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "description": "List of environment variables to set in the container.", + "items": { + "properties": { + "name": { + "description": "Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes.", + "type": "string" + }, + "valueSource": { + "description": "Source for the environment variable's value.", + "properties": { + "secretKeyRef": { + "description": "Selects a secret and a specific version from Cloud Secret Manager.", + "properties": { + "secretRef": { + "description": "The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecret` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "versionRef": { + "description": "The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "image": { + "description": "URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images.", + "type": "string" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", + "properties": { + "port": { + "description": "Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.", + "type": "integer" + }, + "service": { + "description": "The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform.", + "properties": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "properties": { + "name": { + "description": "The header field name.", + "type": "string" + }, + "value": { + "description": "The header field value.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "path": { + "description": "Path to access on the HTTP server. Defaults to '/'.", + "type": "string" + }, + "port": { + "description": "Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds.", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.", + "type": "string" + }, + "ports": { + "description": "List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.", + "items": { + "properties": { + "containerPort": { + "description": "Port number the container listens on. This must be a valid TCP port number, 0 < containerPort < 65536.", + "type": "integer" + }, + "name": { + "description": "If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resources": { + "description": "Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources.", + "properties": { + "cpuIdle": { + "description": "Determines whether CPU should be throttled or not outside of requests.", + "type": "boolean" + }, + "limits": { + "additionalProperties": { + "type": "string" + }, + "description": "Only memory and CPU are supported. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go.", + "type": "object" + }, + "startupCpuBoost": { + "description": "Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "startupProbe": { + "description": "Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "properties": { + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies an action involving a GRPC port.", + "properties": { + "port": { + "description": "Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.", + "type": "integer" + }, + "service": { + "description": "The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "description": "HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.", + "properties": { + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "properties": { + "name": { + "description": "The header field name.", + "type": "string" + }, + "value": { + "description": "The header field value.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "path": { + "description": "Path to access on the HTTP server. Defaults to '/'.", + "type": "string" + }, + "port": { + "description": "Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds.", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.", + "properties": { + "port": { + "description": "Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "volumeMounts": { + "description": "Volume to mount into the container's filesystem.", + "items": { + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run.", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "encryptionKeyRef": { + "description": "A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "executionEnvironment": { + "description": "The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"].", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.", + "type": "object" + }, + "maxInstanceRequestConcurrency": { + "description": "Sets the maximum number of requests that each serving instance can receive.", + "type": "integer" + }, + "revision": { + "description": "The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.", + "type": "string" + }, + "scaling": { + "description": "Scaling settings for this Revision.", + "properties": { + "maxInstanceCount": { + "description": "Maximum number of serving instances that this resource should have.", + "type": "integer" + }, + "minInstanceCount": { + "description": "Minimum number of serving instances that this resource should have.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionAffinity": { + "description": "Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity.", + "type": "boolean" + }, + "timeout": { + "description": "Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".", + "type": "string" + }, + "volumes": { + "description": "A list of Volumes to make available to containers.", + "items": { + "properties": { + "cloudSqlInstance": { + "description": "For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.", + "properties": { + "instances": { + "items": { + "description": "The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `connectionName` field of a `SQLInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "emptyDir": { + "description": "Ephemeral storage used as a shared volume.", + "properties": { + "medium": { + "description": "The different types of medium supported for EmptyDir. Default value: \"MEMORY\" Possible values: [\"MEMORY\"].", + "type": "string" + }, + "sizeLimit": { + "description": "Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. This field's values are of the 'Quantity' k8s type: https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Volume's name.", + "type": "string" + }, + "secret": { + "description": "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret.", + "properties": { + "defaultMode": { + "description": "Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.", + "type": "integer" + }, + "items": { + "description": "If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.", + "items": { + "properties": { + "mode": { + "description": "Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.", + "type": "integer" + }, + "path": { + "description": "The relative path of the secret in the container.", + "type": "string" + }, + "versionRef": { + "description": "The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `version` field of a `SecretManagerSecretVersion` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "secretRef": { + "description": "The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecret` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "vpcAccess": { + "description": "VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.", + "properties": { + "connectorRef": { + "description": "VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `VPCAccessConnector` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "egress": { + "description": "Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"].", + "type": "string" + }, + "networkInterfaces": { + "description": "Direct VPC egress settings. Currently only single network interface is supported.", + "items": { + "properties": { + "networkRef": { + "description": "The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "subnetworkRef": { + "description": "The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tags": { + "description": "Network tags applied to this Cloud Run service.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "traffic": { + "description": "Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.", + "items": { + "properties": { + "percent": { + "description": "Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.", + "type": "integer" + }, + "revision": { + "description": "Revision to which to send this portion of traffic, if traffic allocation is by revision.", + "type": "string" + }, + "tag": { + "description": "Indicates a string to be part of the URI to exclusively reference this target.", + "type": "string" + }, + "type": { + "description": "The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "location", + "projectRef", + "template" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The creation time.", + "type": "string" + }, + "creator": { + "description": "Email address of the authenticated creator.", + "type": "string" + }, + "deleteTime": { + "description": "The deletion time.", + "type": "string" + }, + "etag": { + "description": "A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.", + "type": "string" + }, + "expireTime": { + "description": "For a deleted resource, the time after which it will be permamently deleted.", + "type": "string" + }, + "lastModifier": { + "description": "Email address of the last authenticated modifier.", + "type": "string" + }, + "latestCreatedRevision": { + "description": "Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.", + "type": "string" + }, + "latestReadyRevision": { + "description": "Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "reconciling": { + "description": "Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.", + "type": "boolean" + }, + "terminalCondition": { + "description": "The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.", + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human readable message indicating details about the current status.", + "type": "string" + }, + "reason": { + "description": "A common (service-level) reason for this condition.", + "type": "string" + }, + "revisionReason": { + "description": "A reason for the revision condition.", + "type": "string" + }, + "severity": { + "description": "How to interpret failures of this condition, one of Error, Warning, Info.", + "type": "string" + }, + "state": { + "description": "State of the condition.", + "type": "string" + }, + "type": { + "description": "type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * \"Ready\": True when the Resource is ready.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "trafficStatuses": { + "description": "Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.", + "items": { + "properties": { + "percent": { + "description": "Specifies percent of the traffic to this Revision.", + "type": "integer" + }, + "revision": { + "description": "Revision to which this traffic is sent.", + "type": "string" + }, + "tag": { + "description": "Indicates the string used in the URI to exclusively reference this target.", + "type": "string" + }, + "type": { + "description": "The allocation type for this traffic target.", + "type": "string" + }, + "uri": { + "description": "Displays the target URI.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "uid": { + "description": "Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.", + "type": "string" + }, + "updateTime": { + "description": "The last-modified time.", + "type": "string" + }, + "uri": { + "description": "The main URI in which this Service is serving traffic.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/secretmanager.cnrm.cloud.google.com/secretmanagersecret_v1beta1.json b/secretmanager.cnrm.cloud.google.com/secretmanagersecret_v1beta1.json new file mode 100644 index 00000000..df7e0a03 --- /dev/null +++ b/secretmanager.cnrm.cloud.google.com/secretmanagersecret_v1beta1.json @@ -0,0 +1,345 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "description": "Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.", + "type": "object" + }, + "expireTime": { + "description": "Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "replication": { + "description": "Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.", + "properties": { + "auto": { + "description": "The Secret will automatically be replicated without any restrictions.", + "properties": { + "customerManagedEncryption": { + "description": "The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.", + "properties": { + "kmsKeyRef": { + "description": "The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "automatic": { + "description": "DEPRECATED. `automatic` is deprecated. Use `auto` instead. The Secret will automatically be replicated without any restrictions.", + "type": "boolean" + }, + "userManaged": { + "description": "Immutable. The Secret will be replicated to the regions specified by the user.", + "properties": { + "replicas": { + "description": "Immutable. The list of Replicas for this Secret. Cannot be empty.", + "items": { + "properties": { + "customerManagedEncryption": { + "description": "Customer Managed Encryption for the secret.", + "properties": { + "kmsKeyRef": { + "description": "Customer Managed Encryption for the secret.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Immutable. The canonical IDs of the location to replicate data. For example: \"us-east1\".", + "type": "string" + } + }, + "required": [ + "location" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "required": [ + "replicas" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The secretId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rotation": { + "description": "The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.", + "properties": { + "nextRotationTime": { + "description": "Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "rotationPeriod": { + "description": "Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "topics": { + "description": "A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.", + "items": { + "properties": { + "topicRef": { + "description": "A list of up to 10 Pub/Sub topics to which messages are\npublished when control plane operations are called on the secret\nor its versions.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "ttl": { + "description": "Immutable. The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "versionAliases": { + "additionalProperties": { + "type": "string" + }, + "description": "Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.", + "type": "object" + } + }, + "required": [ + "replication" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time at which the Secret was created.", + "type": "string" + }, + "name": { + "description": "The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/secretmanager.cnrm.cloud.google.com/secretmanagersecretversion_v1beta1.json b/secretmanager.cnrm.cloud.google.com/secretmanagersecretversion_v1beta1.json new file mode 100644 index 00000000..a92510f0 --- /dev/null +++ b/secretmanager.cnrm.cloud.google.com/secretmanagersecretversion_v1beta1.json @@ -0,0 +1,210 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "deletionPolicy": { + "description": "The deletion policy for the secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON.", + "type": "string" + }, + "enabled": { + "description": "The current state of the SecretVersion.", + "type": "boolean" + }, + "isSecretDataBase64": { + "description": "Immutable. If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.", + "type": "boolean" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "secretData": { + "description": "Immutable. The secret data. Must be no larger than 64KiB.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "Secret Manager secret resource", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SecretManagerSecret` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretData", + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time at which the Secret was created.", + "type": "string" + }, + "destroyTime": { + "description": "The time at which the Secret was destroyed. Only present if state is DESTROYED.", + "type": "string" + }, + "name": { + "description": "The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "version": { + "description": "The version of the Secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/servicedirectory.cnrm.cloud.google.com/servicedirectoryendpoint_v1beta1.json b/servicedirectory.cnrm.cloud.google.com/servicedirectoryendpoint_v1beta1.json new file mode 100644 index 00000000..74ffa3e2 --- /dev/null +++ b/servicedirectory.cnrm.cloud.google.com/servicedirectoryendpoint_v1beta1.json @@ -0,0 +1,229 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "addressRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `address` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "networkRef": { + "description": "Only the `external` field is supported to configure the reference.\n\nImmutable. The Google Compute Engine network (VPC) of the endpoint in the format\nprojects//locations/global/networks/*.\n\nThe project must be specified by project number (project id is rejected). Incorrectly formatted networks are\nrejected, but no other validation is performed on this field (ex. network or project existence,\nreachability, or permissions).", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "port": { + "description": "Port that the endpoint is running on, must be in the\nrange of [0, 65535]. If unspecified, the default is 0.", + "type": "integer" + }, + "resourceID": { + "description": "Immutable. Optional. The endpointId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "serviceRef": { + "description": "The ServiceDirectoryService that this endpoint belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ServiceDirectoryService` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "serviceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The resource name for the endpoint in the format\n'projects/*/locations/*/namespaces/*/services/*/endpoints/*'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/servicedirectory.cnrm.cloud.google.com/servicedirectorynamespace_v1beta1.json b/servicedirectory.cnrm.cloud.google.com/servicedirectorynamespace_v1beta1.json new file mode 100644 index 00000000..a3ec1e56 --- /dev/null +++ b/servicedirectory.cnrm.cloud.google.com/servicedirectorynamespace_v1beta1.json @@ -0,0 +1,131 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "location": { + "description": "Immutable. The location for the Namespace.\nA full list of valid locations can be found by running\n'gcloud beta service-directory locations list'.", + "type": "string" + }, + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The namespaceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The resource name for the namespace\nin the format 'projects/*/locations/*/namespaces/*'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/servicedirectory.cnrm.cloud.google.com/servicedirectoryservice_v1beta1.json b/servicedirectory.cnrm.cloud.google.com/servicedirectoryservice_v1beta1.json new file mode 100644 index 00000000..5ca82e83 --- /dev/null +++ b/servicedirectory.cnrm.cloud.google.com/servicedirectoryservice_v1beta1.json @@ -0,0 +1,126 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "namespaceRef": { + "description": "The ServiceDirectoryNamespace that this service belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The serviceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "namespaceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The resource name for the service in the\nformat 'projects/*/locations/*/namespaces/*/services/*'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/servicenetworking.cnrm.cloud.google.com/servicenetworkingconnection_v1beta1.json b/servicenetworking.cnrm.cloud.google.com/servicenetworkingconnection_v1beta1.json new file mode 100644 index 00000000..b930ca17 --- /dev/null +++ b/servicenetworking.cnrm.cloud.google.com/servicenetworkingconnection_v1beta1.json @@ -0,0 +1,178 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "networkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "reservedPeeringRanges": { + "items": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeAddress` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "service": { + "description": "Immutable. Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.", + "type": "string" + } + }, + "required": [ + "networkRef", + "reservedPeeringRanges", + "service" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "peering": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/serviceusage.cnrm.cloud.google.com/service_v1beta1.json b/serviceusage.cnrm.cloud.google.com/service_v1beta1.json new file mode 100644 index 00000000..829e1a48 --- /dev/null +++ b/serviceusage.cnrm.cloud.google.com/service_v1beta1.json @@ -0,0 +1,116 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/serviceusage.cnrm.cloud.google.com/serviceidentity_v1beta1.json b/serviceusage.cnrm.cloud.google.com/serviceidentity_v1beta1.json new file mode 100644 index 00000000..a398a3d0 --- /dev/null +++ b/serviceusage.cnrm.cloud.google.com/serviceidentity_v1beta1.json @@ -0,0 +1,125 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "projectRef": { + "description": "The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "email": { + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/sourcerepo.cnrm.cloud.google.com/sourcereporepository_v1beta1.json b/sourcerepo.cnrm.cloud.google.com/sourcereporepository_v1beta1.json new file mode 100644 index 00000000..71c86919 --- /dev/null +++ b/sourcerepo.cnrm.cloud.google.com/sourcereporepository_v1beta1.json @@ -0,0 +1,191 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "pubsubConfigs": { + "description": "How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.", + "items": { + "properties": { + "messageFormat": { + "description": "The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"].", + "type": "string" + }, + "serviceAccountRef": { + "description": "Service account used for publishing Cloud Pub/Sub messages. This\nservice account needs to be in the same project as the\npubsubConfig. When added, the caller needs to have\niam.serviceAccounts.actAs permission on this service account. If\nunspecified, it defaults to the compute engine default service\naccount.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `email` field of an `IAMServiceAccount` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "topicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "messageFormat", + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "size": { + "description": "The disk usage of the repo, in bytes.", + "type": "integer" + }, + "url": { + "description": "URL to clone the repository from Google Cloud Source Repositories.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/spanner.cnrm.cloud.google.com/spannerdatabase_v1beta1.json b/spanner.cnrm.cloud.google.com/spannerdatabase_v1beta1.json new file mode 100644 index 00000000..6db1578a --- /dev/null +++ b/spanner.cnrm.cloud.google.com/spannerdatabase_v1beta1.json @@ -0,0 +1,204 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "databaseDialect": { + "description": "Immutable. The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"].", + "type": "string" + }, + "ddl": { + "description": "An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.", + "items": { + "type": "string" + }, + "type": "array" + }, + "enableDropProtection": { + "type": "boolean" + }, + "encryptionConfig": { + "description": "Immutable. Encryption configuration for the database.", + "properties": { + "kmsKeyRef": { + "description": "Fully qualified name of the KMS key to use to encrypt this database. This key\nmust exist in the same location as the Spanner Database.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "instanceRef": { + "description": "The instance to create the database on.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SpannerInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "versionRetentionPeriod": { + "description": "The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.", + "type": "string" + } + }, + "required": [ + "instanceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "An explanation of the status of the database.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/spanner.cnrm.cloud.google.com/spannerinstance_v1beta1.json b/spanner.cnrm.cloud.google.com/spannerinstance_v1beta1.json new file mode 100644 index 00000000..6850b4dc --- /dev/null +++ b/spanner.cnrm.cloud.google.com/spannerinstance_v1beta1.json @@ -0,0 +1,91 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "config": { + "description": "Immutable. The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).", + "type": "string" + }, + "displayName": { + "description": "The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.", + "type": "string" + }, + "numNodes": { + "type": "integer" + }, + "processingUnits": { + "type": "integer" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "config", + "displayName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "state": { + "description": "Instance status: 'CREATING' or 'READY'.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/sql.cnrm.cloud.google.com/sqldatabase_v1beta1.json b/sql.cnrm.cloud.google.com/sqldatabase_v1beta1.json new file mode 100644 index 00000000..f6db2ac1 --- /dev/null +++ b/sql.cnrm.cloud.google.com/sqldatabase_v1beta1.json @@ -0,0 +1,137 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "charset": { + "description": "The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.", + "type": "string" + }, + "collation": { + "description": "The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.", + "type": "string" + }, + "deletionPolicy": { + "description": "The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".", + "type": "string" + }, + "instanceRef": { + "description": "The Cloud SQL instance.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SQLInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + } + }, + "required": [ + "instanceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/sql.cnrm.cloud.google.com/sqlinstance_v1beta1.json b/sql.cnrm.cloud.google.com/sqlinstance_v1beta1.json new file mode 100644 index 00000000..470f4c3b --- /dev/null +++ b/sql.cnrm.cloud.google.com/sqlinstance_v1beta1.json @@ -0,0 +1,911 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "databaseVersion": { + "default": "MYSQL_5_6", + "description": "The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.", + "type": "string" + }, + "encryptionKMSCryptoKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "instanceType": { + "description": "The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.", + "type": "string" + }, + "maintenanceVersion": { + "description": "Maintenance version.", + "type": "string" + }, + "masterInstanceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SQLInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Immutable. The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.", + "type": "string" + }, + "replicaConfiguration": { + "description": "The configuration for replication.", + "properties": { + "caCertificate": { + "description": "Immutable. PEM representation of the trusted CA's x509 certificate.", + "type": "string" + }, + "clientCertificate": { + "description": "Immutable. PEM representation of the replica's x509 certificate.", + "type": "string" + }, + "clientKey": { + "description": "Immutable. PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.", + "type": "string" + }, + "connectRetryInterval": { + "description": "Immutable. The number of seconds between connect retries. MySQL's default is 60 seconds.", + "type": "integer" + }, + "dumpFilePath": { + "description": "Immutable. Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.", + "type": "string" + }, + "failoverTarget": { + "description": "Immutable. Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres.", + "type": "boolean" + }, + "masterHeartbeatPeriod": { + "description": "Immutable. Time in ms between replication heartbeats.", + "type": "integer" + }, + "password": { + "description": "Immutable. Password for the replication connection.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "sslCipher": { + "description": "Immutable. Permissible ciphers for use in SSL encryption.", + "type": "string" + }, + "username": { + "description": "Immutable. Username for replication connection.", + "type": "string" + }, + "verifyServerCertificate": { + "description": "Immutable. True if the master's common name value is checked during the SSL handshake.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "rootPassword": { + "description": "Initial root password. Required for MS SQL Server.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "settings": { + "description": "The settings to use for the database. The configuration is detailed below.", + "properties": { + "activationPolicy": { + "description": "This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.", + "type": "string" + }, + "activeDirectoryConfig": { + "properties": { + "domain": { + "description": "Domain name of the Active Directory for SQL Server (e.g., mydomain.com).", + "type": "string" + } + }, + "required": [ + "domain" + ], + "type": "object", + "additionalProperties": false + }, + "advancedMachineFeatures": { + "properties": { + "threadsPerCore": { + "description": "The number of threads per physical core. Can be 1 or 2.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "authorizedGaeApplications": { + "description": "DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances.\nSpecifying this field has no-ops; it's recommended to remove this field from your configuration.", + "items": { + "type": "string" + }, + "type": "array" + }, + "availabilityType": { + "description": "The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.", + "type": "string" + }, + "backupConfiguration": { + "properties": { + "backupRetentionSettings": { + "properties": { + "retainedBackups": { + "description": "Number of backups to retain.", + "type": "integer" + }, + "retentionUnit": { + "description": "The unit that 'retainedBackups' represents. Defaults to COUNT.", + "type": "string" + } + }, + "required": [ + "retainedBackups" + ], + "type": "object", + "additionalProperties": false + }, + "binaryLogEnabled": { + "description": "True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.", + "type": "boolean" + }, + "enabled": { + "description": "True if backup configuration is enabled.", + "type": "boolean" + }, + "location": { + "description": "Location of the backup configuration.", + "type": "string" + }, + "pointInTimeRecoveryEnabled": { + "description": "True if Point-in-time recovery is enabled.", + "type": "boolean" + }, + "startTime": { + "description": "HH:MM format time indicating when backup configuration starts.", + "type": "string" + }, + "transactionLogRetentionDays": { + "description": "The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.).", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "collation": { + "description": "Immutable. The name of server instance collation.", + "type": "string" + }, + "connectorEnforcement": { + "description": "Specifies if connections must use Cloud SQL connectors.", + "type": "string" + }, + "crashSafeReplication": { + "description": "DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances.\nSpecifying this field has no-ops; it's recommended to remove this field from your configuration.", + "type": "boolean" + }, + "dataCacheConfig": { + "description": "Data cache configurations.", + "properties": { + "dataCacheEnabled": { + "description": "Whether data cache is enabled for the instance.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "databaseFlags": { + "items": { + "properties": { + "name": { + "description": "Name of the flag.", + "type": "string" + }, + "value": { + "description": "Value of the flag.", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "deletionProtectionEnabled": { + "description": "Configuration to protect against accidental instance deletion.", + "type": "boolean" + }, + "denyMaintenancePeriod": { + "properties": { + "endDate": { + "description": "End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01.", + "type": "string" + }, + "startDate": { + "description": "Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01.", + "type": "string" + }, + "time": { + "description": "Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00.", + "type": "string" + } + }, + "required": [ + "endDate", + "startDate", + "time" + ], + "type": "object", + "additionalProperties": false + }, + "diskAutoresize": { + "description": "Enables auto-resizing of the storage size. Defaults to true.", + "type": "boolean" + }, + "diskAutoresizeLimit": { + "description": "The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.", + "type": "integer" + }, + "diskSize": { + "description": "The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.", + "type": "integer" + }, + "diskType": { + "description": "Immutable. The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.", + "type": "string" + }, + "edition": { + "description": "The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.", + "type": "string" + }, + "insightsConfig": { + "description": "Configuration of Query Insights.", + "properties": { + "queryInsightsEnabled": { + "description": "True if Query Insights feature is enabled.", + "type": "boolean" + }, + "queryPlansPerMinute": { + "description": "Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.", + "type": "integer" + }, + "queryStringLength": { + "description": "Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.", + "type": "integer" + }, + "recordApplicationTags": { + "description": "True if Query Insights will record application tags from query when enabled.", + "type": "boolean" + }, + "recordClientAddress": { + "description": "True if Query Insights will record client address when enabled.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "ipConfiguration": { + "properties": { + "allocatedIpRange": { + "description": "The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.", + "type": "string" + }, + "authorizedNetworks": { + "items": { + "properties": { + "expirationTime": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "enablePrivatePathForGoogleCloudServices": { + "description": "Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.", + "type": "boolean" + }, + "ipv4Enabled": { + "description": "Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.", + "type": "boolean" + }, + "privateNetworkRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "pscConfig": { + "description": "PSC settings for a Cloud SQL instance.", + "items": { + "properties": { + "allowedConsumerProjects": { + "description": "List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).", + "items": { + "type": "string" + }, + "type": "array" + }, + "pscEnabled": { + "description": "Whether PSC connectivity is enabled for this instance.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "requireSsl": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "locationPreference": { + "properties": { + "followGaeApplication": { + "description": "A Google App Engine application whose zone to remain in. Must be in the same region as this instance.", + "type": "string" + }, + "secondaryZone": { + "description": "The preferred Compute Engine zone for the secondary/failover.", + "type": "string" + }, + "zone": { + "description": "The preferred compute engine zone.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "maintenanceWindow": { + "description": "Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.", + "properties": { + "day": { + "description": "Day of week (1-7), starting on Monday.", + "type": "integer" + }, + "hour": { + "description": "Hour of day (0-23), ignored if day not set.", + "type": "integer" + }, + "updateTrack": { + "description": "Receive updates earlier (canary) or later (stable).", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "passwordValidationPolicy": { + "properties": { + "complexity": { + "description": "Password complexity.", + "type": "string" + }, + "disallowUsernameSubstring": { + "description": "Disallow username as a part of the password.", + "type": "boolean" + }, + "enablePasswordPolicy": { + "description": "Whether the password policy is enabled or not.", + "type": "boolean" + }, + "minLength": { + "description": "Minimum number of characters allowed.", + "type": "integer" + }, + "passwordChangeInterval": { + "description": "Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.", + "type": "string" + }, + "reuseInterval": { + "description": "Number of previous passwords that cannot be reused.", + "type": "integer" + } + }, + "required": [ + "enablePasswordPolicy" + ], + "type": "object", + "additionalProperties": false + }, + "pricingPlan": { + "description": "Pricing plan for this instance, can only be PER_USE.", + "type": "string" + }, + "replicationType": { + "description": "DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances.\nSpecifying this field has no-ops; it's recommended to remove this field from your configuration.", + "type": "string" + }, + "sqlServerAuditConfig": { + "properties": { + "bucketRef": { + "description": "The name of the destination bucket (e.g., gs://mybucket).", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `url` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "retentionInterval": { + "description": "How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..", + "type": "string" + }, + "uploadInterval": { + "description": "How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tier": { + "description": "The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.", + "type": "string" + }, + "timeZone": { + "description": "Immutable. The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.", + "type": "string" + } + }, + "required": [ + "tier" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "settings" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "availableMaintenanceVersions": { + "description": "Available Maintenance versions.", + "items": { + "type": "string" + }, + "type": "array" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "connectionName": { + "description": "The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.", + "type": "string" + }, + "dnsName": { + "description": "The dns name of the instance.", + "type": "string" + }, + "firstIpAddress": { + "type": "string" + }, + "instanceType": { + "description": "The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.", + "type": "string" + }, + "ipAddress": { + "items": { + "properties": { + "ipAddress": { + "type": "string" + }, + "timeToRetire": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "privateIpAddress": { + "type": "string" + }, + "pscServiceAttachmentLink": { + "description": "The link to service attachment of PSC instance.", + "type": "string" + }, + "publicIpAddress": { + "type": "string" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + }, + "serverCaCert": { + "properties": { + "cert": { + "description": "The CA Certificate used to connect to the SQL Instance via SSL.", + "type": "string" + }, + "commonName": { + "description": "The CN valid for the CA Cert.", + "type": "string" + }, + "createTime": { + "description": "Creation time of the CA Cert.", + "type": "string" + }, + "expirationTime": { + "description": "Expiration time of the CA Cert.", + "type": "string" + }, + "sha1Fingerprint": { + "description": "SHA Fingerprint of the CA Cert.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountEmailAddress": { + "description": "The service account email address assigned to the instance.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/sql.cnrm.cloud.google.com/sqlsslcert_v1beta1.json b/sql.cnrm.cloud.google.com/sqlsslcert_v1beta1.json new file mode 100644 index 00000000..0fccebfa --- /dev/null +++ b/sql.cnrm.cloud.google.com/sqlsslcert_v1beta1.json @@ -0,0 +1,155 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "commonName": { + "description": "Immutable. The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.", + "type": "string" + }, + "instanceRef": { + "description": "The Cloud SQL instance.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SQLInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated sha1Fingerprint of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + } + }, + "required": [ + "commonName", + "instanceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "cert": { + "description": "The actual certificate data for this client certificate.", + "type": "string" + }, + "certSerialNumber": { + "description": "The serial number extracted from the certificate data.", + "type": "string" + }, + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.", + "type": "string" + }, + "expirationTime": { + "description": "The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "privateKey": { + "description": "The private key associated with the client certificate.", + "type": "string" + }, + "serverCaCert": { + "description": "The CA cert of the server this client cert was generated from.", + "type": "string" + }, + "sha1Fingerprint": { + "description": "The SHA1 Fingerprint of the certificate.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/sql.cnrm.cloud.google.com/sqluser_v1beta1.json b/sql.cnrm.cloud.google.com/sqluser_v1beta1.json new file mode 100644 index 00000000..600fcf14 --- /dev/null +++ b/sql.cnrm.cloud.google.com/sqluser_v1beta1.json @@ -0,0 +1,247 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "host": { + "description": "Immutable. The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.", + "type": "string" + }, + "instanceRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `SQLInstance` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "password": { + "description": "The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "passwordPolicy": { + "properties": { + "allowedFailedAttempts": { + "description": "Number of failed attempts allowed before the user get locked.", + "type": "integer" + }, + "enableFailedAttemptsCheck": { + "description": "If true, the check that will lock user after too many failed login attempts will be enabled.", + "type": "boolean" + }, + "enablePasswordVerification": { + "description": "If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.", + "type": "boolean" + }, + "passwordExpirationDuration": { + "description": "Password expiration duration with one week grace period.", + "type": "string" + }, + "status": { + "items": { + "properties": { + "locked": { + "description": "If true, user does not have login privileges.", + "type": "boolean" + }, + "passwordExpirationTime": { + "description": "Password expiration duration with one week grace period.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "type": { + "description": "Immutable. The user type. It determines the method to authenticate the user during login.\n The default is the database's built-in user type. Flags include \"BUILT_IN\", \"CLOUD_IAM_USER\", or \"CLOUD_IAM_SERVICE_ACCOUNT\".", + "type": "string" + } + }, + "required": [ + "instanceRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "sqlServerUserDetails": { + "items": { + "properties": { + "disabled": { + "description": "If the user has been disabled.", + "type": "boolean" + }, + "serverRoles": { + "description": "The server roles for this user in the database.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/storage.cnrm.cloud.google.com/storagebucket_v1beta1.json b/storage.cnrm.cloud.google.com/storagebucket_v1beta1.json new file mode 100644 index 00000000..71fb7d6a --- /dev/null +++ b/storage.cnrm.cloud.google.com/storagebucket_v1beta1.json @@ -0,0 +1,385 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "autoclass": { + "description": "The bucket's autoclass configuration.", + "properties": { + "enabled": { + "description": "While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "bucketPolicyOnly": { + "description": "DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field.\nEnables Bucket PolicyOnly access to a bucket.", + "type": "boolean" + }, + "cors": { + "description": "The bucket's Cross-Origin Resource Sharing (CORS) configuration.", + "items": { + "properties": { + "maxAgeSeconds": { + "description": "The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.", + "type": "integer" + }, + "method": { + "description": "The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "origin": { + "description": "The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "responseHeader": { + "description": "The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "customPlacementConfig": { + "description": "The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.", + "properties": { + "dataLocations": { + "description": "Immutable. The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "dataLocations" + ], + "type": "object", + "additionalProperties": false + }, + "defaultEventBasedHold": { + "description": "Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.", + "type": "boolean" + }, + "encryption": { + "description": "The bucket's encryption configuration.", + "properties": { + "kmsKeyRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "kmsKeyRef" + ], + "type": "object", + "additionalProperties": false + }, + "lifecycleRule": { + "description": "The bucket's Lifecycle Rules configuration.", + "items": { + "properties": { + "action": { + "description": "The Lifecycle Rule's action configuration. A single block of this type is supported.", + "properties": { + "storageClass": { + "description": "The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.", + "type": "string" + }, + "type": { + "description": "The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "condition": { + "description": "The Lifecycle Rule's condition configuration.", + "properties": { + "age": { + "description": "Minimum age of an object in days to satisfy this condition.", + "type": "integer" + }, + "createdBefore": { + "description": "Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.", + "type": "string" + }, + "customTimeBefore": { + "description": "Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.", + "type": "string" + }, + "daysSinceCustomTime": { + "description": "Number of days elapsed since the user-specified timestamp set on an object.", + "type": "integer" + }, + "daysSinceNoncurrentTime": { + "description": "Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.", + "type": "integer" + }, + "matchesPrefix": { + "description": "One or more matching name prefixes to satisfy this condition.", + "items": { + "type": "string" + }, + "type": "array" + }, + "matchesStorageClass": { + "description": "Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.", + "items": { + "type": "string" + }, + "type": "array" + }, + "matchesSuffix": { + "description": "One or more matching name suffixes to satisfy this condition.", + "items": { + "type": "string" + }, + "type": "array" + }, + "noncurrentTimeBefore": { + "description": "Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.", + "type": "string" + }, + "numNewerVersions": { + "description": "Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.", + "type": "integer" + }, + "withState": { + "description": "Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "action", + "condition" + ], + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "location": { + "default": "US", + "description": "Immutable. The Google Cloud Storage location.", + "type": "string" + }, + "logging": { + "description": "The bucket's Access & Storage Logs configuration.", + "properties": { + "logBucket": { + "description": "The bucket that will receive log objects.", + "type": "string" + }, + "logObjectPrefix": { + "description": "The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.", + "type": "string" + } + }, + "required": [ + "logBucket" + ], + "type": "object", + "additionalProperties": false + }, + "publicAccessPrevention": { + "description": "Prevents public access to a bucket.", + "type": "string" + }, + "requesterPays": { + "description": "Enables Requester Pays on a storage bucket.", + "type": "boolean" + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "retentionPolicy": { + "description": "Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.", + "properties": { + "isLocked": { + "description": "If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.", + "type": "boolean" + }, + "retentionPeriod": { + "description": "The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.", + "type": "integer" + } + }, + "required": [ + "retentionPeriod" + ], + "type": "object", + "additionalProperties": false + }, + "storageClass": { + "description": "The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.", + "type": "string" + }, + "uniformBucketLevelAccess": { + "description": "Enables uniform bucket-level access on a bucket.", + "type": "boolean" + }, + "versioning": { + "description": "The bucket's Versioning configuration.", + "properties": { + "enabled": { + "description": "While set to true, versioning is fully enabled for this bucket.", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object", + "additionalProperties": false + }, + "website": { + "description": "Configuration if the bucket acts as a website.", + "properties": { + "mainPageSuffix": { + "description": "Behaves as the bucket's directory index where missing objects are treated as potential directories.", + "type": "string" + }, + "notFoundPage": { + "description": "The custom object to return when a requested resource is not found.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + }, + "url": { + "description": "The base URL of the bucket, in the format gs://.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/storage.cnrm.cloud.google.com/storagebucketaccesscontrol_v1beta1.json b/storage.cnrm.cloud.google.com/storagebucketaccesscontrol_v1beta1.json new file mode 100644 index 00000000..ef07b7ab --- /dev/null +++ b/storage.cnrm.cloud.google.com/storagebucketaccesscontrol_v1beta1.json @@ -0,0 +1,135 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bucketRef": { + "description": "Reference to the bucket.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "entity": { + "description": "Immutable. The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.", + "type": "string" + }, + "role": { + "description": "The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"].", + "type": "string" + } + }, + "required": [ + "bucketRef", + "entity" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "domain": { + "description": "The domain associated with the entity.", + "type": "string" + }, + "email": { + "description": "The email address associated with the entity.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/storage.cnrm.cloud.google.com/storagedefaultobjectaccesscontrol_v1beta1.json b/storage.cnrm.cloud.google.com/storagedefaultobjectaccesscontrol_v1beta1.json new file mode 100644 index 00000000..8f4d083f --- /dev/null +++ b/storage.cnrm.cloud.google.com/storagedefaultobjectaccesscontrol_v1beta1.json @@ -0,0 +1,163 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bucketRef": { + "description": "Reference to the bucket.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "entity": { + "description": "The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers.", + "type": "string" + }, + "object": { + "description": "The name of the object, if applied to an object.", + "type": "string" + }, + "role": { + "description": "The access permission for the entity. Possible values: [\"OWNER\", \"READER\"].", + "type": "string" + } + }, + "required": [ + "bucketRef", + "entity", + "role" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "domain": { + "description": "The domain associated with the entity.", + "type": "string" + }, + "email": { + "description": "The email address associated with the entity.", + "type": "string" + }, + "entityId": { + "description": "The ID for the entity.", + "type": "string" + }, + "generation": { + "description": "The content generation of the object, if applied to an object.", + "type": "integer" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "projectTeam": { + "description": "The project team associated with the entity.", + "properties": { + "projectNumber": { + "description": "The project team associated with the entity.", + "type": "string" + }, + "team": { + "description": "The team. Possible values: [\"editors\", \"owners\", \"viewers\"].", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/storage.cnrm.cloud.google.com/storagenotification_v1beta1.json b/storage.cnrm.cloud.google.com/storagenotification_v1beta1.json new file mode 100644 index 00000000..38fa0435 --- /dev/null +++ b/storage.cnrm.cloud.google.com/storagenotification_v1beta1.json @@ -0,0 +1,202 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "bucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "customAttributes": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription.", + "type": "object" + }, + "eventTypes": { + "description": "Immutable. List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "objectNamePrefix": { + "description": "Immutable. Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.", + "type": "string" + }, + "payloadFormat": { + "description": "Immutable. The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".", + "type": "string" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated notificationId of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "topicRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "bucketRef", + "payloadFormat", + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "notificationId": { + "description": "The ID of the created notification.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The URI of the created resource.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/storagetransfer.cnrm.cloud.google.com/storagetransferjob_v1beta1.json b/storagetransfer.cnrm.cloud.google.com/storagetransferjob_v1beta1.json new file mode 100644 index 00000000..a4680bbd --- /dev/null +++ b/storagetransfer.cnrm.cloud.google.com/storagetransferjob_v1beta1.json @@ -0,0 +1,747 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "Unique description to identify the Transfer Job.", + "type": "string" + }, + "notificationConfig": { + "description": "Notification configuration.", + "properties": { + "eventTypes": { + "description": "Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".", + "items": { + "type": "string" + }, + "type": "array" + }, + "payloadFormat": { + "description": "The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".", + "type": "string" + }, + "topicRef": { + "description": "The PubSubTopic to which to publish notifications.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, where {{value}} is the `name` field of a `PubSubTopic` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "payloadFormat", + "topicRef" + ], + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "schedule": { + "description": "Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.", + "properties": { + "repeatInterval": { + "description": "Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "scheduleEndDate": { + "description": "The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.", + "properties": { + "day": { + "description": "Day of month. Must be from 1 to 31 and valid for the year and month.", + "type": "integer" + }, + "month": { + "description": "Month of year. Must be from 1 to 12.", + "type": "integer" + }, + "year": { + "description": "Year of date. Must be from 1 to 9999.", + "type": "integer" + } + }, + "required": [ + "day", + "month", + "year" + ], + "type": "object", + "additionalProperties": false + }, + "scheduleStartDate": { + "description": "The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.", + "properties": { + "day": { + "description": "Day of month. Must be from 1 to 31 and valid for the year and month.", + "type": "integer" + }, + "month": { + "description": "Month of year. Must be from 1 to 12.", + "type": "integer" + }, + "year": { + "description": "Year of date. Must be from 1 to 9999.", + "type": "integer" + } + }, + "required": [ + "day", + "month", + "year" + ], + "type": "object", + "additionalProperties": false + }, + "startTimeOfDay": { + "description": "The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23.", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59.", + "type": "integer" + } + }, + "required": [ + "hours", + "minutes", + "nanos", + "seconds" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "scheduleStartDate" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.", + "type": "string" + }, + "transferSpec": { + "description": "Transfer specification.", + "properties": { + "awsS3DataSource": { + "description": "An AWS S3 data source.", + "properties": { + "awsAccessKey": { + "description": "AWS credentials block.", + "properties": { + "accessKeyId": { + "description": "AWS Key ID.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secretAccessKey": { + "description": "AWS Secret Access Key.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessKeyId", + "secretAccessKey" + ], + "type": "object", + "additionalProperties": false + }, + "bucketName": { + "description": "S3 Bucket name.", + "type": "string" + }, + "path": { + "description": "S3 Bucket path in bucket to transfer.", + "type": "string" + }, + "roleArn": { + "description": "The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.", + "type": "string" + } + }, + "required": [ + "bucketName" + ], + "type": "object", + "additionalProperties": false + }, + "azureBlobStorageDataSource": { + "description": "An Azure Blob Storage data source.", + "properties": { + "azureCredentials": { + "description": " Credentials used to authenticate API requests to Azure.", + "properties": { + "sasToken": { + "description": "Azure shared access signature.", + "oneOf": [ + { + "not": { + "required": [ + "valueFrom" + ] + }, + "required": [ + "value" + ] + }, + { + "not": { + "required": [ + "value" + ] + }, + "required": [ + "valueFrom" + ] + } + ], + "properties": { + "value": { + "description": "Value of the field. Cannot be used if 'valueFrom' is specified.", + "type": "string" + }, + "valueFrom": { + "description": "Source for the field's value. Cannot be used if 'value' is specified.", + "properties": { + "secretKeyRef": { + "description": "Reference to a value with the given key in the given Secret in the resource's namespace.", + "properties": { + "key": { + "description": "Key that identifies the value to be extracted.", + "type": "string" + }, + "name": { + "description": "Name of the Secret to extract a value from.", + "type": "string" + } + }, + "required": [ + "name", + "key" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "sasToken" + ], + "type": "object", + "additionalProperties": false + }, + "container": { + "description": "The container to transfer from the Azure Storage account.", + "type": "string" + }, + "path": { + "description": "Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.", + "type": "string" + }, + "storageAccount": { + "description": "The name of the Azure Storage account.", + "type": "string" + } + }, + "required": [ + "azureCredentials", + "container", + "storageAccount" + ], + "type": "object", + "additionalProperties": false + }, + "gcsDataSink": { + "description": "A Google Cloud Storage data sink.", + "properties": { + "bucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "path": { + "description": "Google Cloud Storage path in bucket to transfer.", + "type": "string" + } + }, + "required": [ + "bucketRef" + ], + "type": "object", + "additionalProperties": false + }, + "gcsDataSource": { + "description": "A Google Cloud Storage data source.", + "properties": { + "bucketRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `StorageBucket` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "path": { + "description": "Google Cloud Storage path in bucket to transfer.", + "type": "string" + } + }, + "required": [ + "bucketRef" + ], + "type": "object", + "additionalProperties": false + }, + "httpDataSource": { + "description": "A HTTP URL data source.", + "properties": { + "listUrl": { + "description": "The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.", + "type": "string" + } + }, + "required": [ + "listUrl" + ], + "type": "object", + "additionalProperties": false + }, + "objectConditions": { + "description": "Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.", + "properties": { + "excludePrefixes": { + "description": "exclude_prefixes must follow the requirements described for include_prefixes.", + "items": { + "type": "string" + }, + "type": "array" + }, + "includePrefixes": { + "description": "If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.", + "items": { + "type": "string" + }, + "type": "array" + }, + "lastModifiedBefore": { + "description": "If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "lastModifiedSince": { + "description": "If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "maxTimeElapsedSinceLastModification": { + "description": "A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + }, + "minTimeElapsedSinceLastModification": { + "description": "A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "posixDataSink": { + "description": "A POSIX filesystem data sink.", + "properties": { + "rootDirectory": { + "description": "Root directory path to the filesystem.", + "type": "string" + } + }, + "required": [ + "rootDirectory" + ], + "type": "object", + "additionalProperties": false + }, + "posixDataSource": { + "description": "A POSIX filesystem data source.", + "properties": { + "rootDirectory": { + "description": "Root directory path to the filesystem.", + "type": "string" + } + }, + "required": [ + "rootDirectory" + ], + "type": "object", + "additionalProperties": false + }, + "sinkAgentPoolName": { + "description": "Immutable. Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.", + "type": "string" + }, + "sourceAgentPoolName": { + "description": "Immutable. Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.", + "type": "string" + }, + "transferOptions": { + "description": "Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.", + "properties": { + "deleteObjectsFromSourceAfterTransfer": { + "description": "Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.", + "type": "boolean" + }, + "deleteObjectsUniqueInSink": { + "description": "Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.", + "type": "boolean" + }, + "overwriteObjectsAlreadyExistingInSink": { + "description": "Whether overwriting objects that already exist in the sink is allowed.", + "type": "boolean" + }, + "overwriteWhen": { + "description": "When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "description", + "transferSpec" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "creationTime": { + "description": "When the Transfer Job was created.", + "type": "string" + }, + "deletionTime": { + "description": "When the Transfer Job was deleted.", + "type": "string" + }, + "lastModificationTime": { + "description": "When the Transfer Job was last modified.", + "type": "string" + }, + "name": { + "description": "The name of the Transfer Job.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/tags.cnrm.cloud.google.com/tagstagbinding_v1beta1.json b/tags.cnrm.cloud.google.com/tagstagbinding_v1beta1.json new file mode 100644 index 00000000..64c470a8 --- /dev/null +++ b/tags.cnrm.cloud.google.com/tagstagbinding_v1beta1.json @@ -0,0 +1,175 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "parentRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, where {{value}} is the `number` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "tagValueRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `tagValues/{{value}}`, where {{value}} is the `name` field of a `TagsTagValue` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "parentRef", + "tagValueRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "name": { + "description": "The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/tags.cnrm.cloud.google.com/tagstagkey_v1beta1.json b/tags.cnrm.cloud.google.com/tagstagkey_v1beta1.json new file mode 100644 index 00000000..14ceec7e --- /dev/null +++ b/tags.cnrm.cloud.google.com/tagstagkey_v1beta1.json @@ -0,0 +1,112 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "User-assigned description of the TagKey. Must not exceed 256 characters.", + "type": "string" + }, + "parent": { + "description": "Immutable. Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.", + "type": "string" + }, + "purpose": { + "description": "Immutable. Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"].", + "type": "string" + }, + "purposeData": { + "additionalProperties": { + "type": "string" + }, + "description": "Immutable. Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"/\"'.", + "type": "object" + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "shortName": { + "description": "Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.", + "type": "string" + } + }, + "required": [ + "parent", + "shortName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "name": { + "description": "The generated numeric id for the TagKey.", + "type": "string" + }, + "namespacedName": { + "description": "Output only. Namespaced name of the TagKey.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/tags.cnrm.cloud.google.com/tagstagvalue_v1beta1.json b/tags.cnrm.cloud.google.com/tagstagvalue_v1beta1.json new file mode 100644 index 00000000..df9d869f --- /dev/null +++ b/tags.cnrm.cloud.google.com/tagstagvalue_v1beta1.json @@ -0,0 +1,146 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "description": { + "description": "User-assigned description of the TagValue. Must not exceed 256 characters.", + "type": "string" + }, + "parentRef": { + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: string of the format `tagKeys/{{value}}`, where {{value}} is the `name` field of a `TagsTagKey` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource.", + "type": "string" + }, + "shortName": { + "description": "Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.", + "type": "string" + } + }, + "required": [ + "parentRef", + "shortName" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "createTime": { + "description": "Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + }, + "name": { + "description": "The generated numeric id for the TagValue.", + "type": "string" + }, + "namespacedName": { + "description": "Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "updateTime": { + "description": "Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +} diff --git a/vpcaccess.cnrm.cloud.google.com/vpcaccessconnector_v1beta1.json b/vpcaccess.cnrm.cloud.google.com/vpcaccessconnector_v1beta1.json new file mode 100644 index 00000000..cecaf862 --- /dev/null +++ b/vpcaccess.cnrm.cloud.google.com/vpcaccessconnector_v1beta1.json @@ -0,0 +1,323 @@ +{ + "properties": { + "apiVersion": { + "description": "apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "ipCidrRange": { + "description": "Immutable. The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.", + "type": "string" + }, + "location": { + "description": "Location represents the geographical location of the VPCAccessConnector. Specify a region name. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)", + "type": "string" + }, + "machineType": { + "description": "Immutable. Machine type of VM Instance underlying connector. Default is e2-micro.", + "type": "string" + }, + "maxInstances": { + "description": "Immutable. Maximum value of instances in autoscaling group underlying the connector.", + "type": "integer" + }, + "maxThroughput": { + "description": "Immutable. Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.", + "type": "integer" + }, + "minInstances": { + "description": "Immutable. Minimum value of instances in autoscaling group underlying the connector.", + "type": "integer" + }, + "minThroughput": { + "description": "Immutable. Minimum throughput of the connector in Mbps. Default and min is 200.", + "type": "integer" + }, + "networkRef": { + "description": "Immutable. Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `selfLink` field of a `ComputeNetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. The project that this resource belongs to.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "resourceID": { + "description": "Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default.", + "type": "string" + }, + "subnet": { + "description": "Immutable. The subnet in which to house the connector.", + "properties": { + "nameRef": { + "description": "Immutable. Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `ComputeSubnetwork` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "projectRef": { + "description": "Immutable. Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.", + "oneOf": [ + { + "not": { + "required": [ + "external" + ] + }, + "required": [ + "name" + ] + }, + { + "not": { + "anyOf": [ + { + "required": [ + "name" + ] + }, + { + "required": [ + "namespace" + ] + } + ] + }, + "required": [ + "external" + ] + } + ], + "properties": { + "external": { + "description": "Allowed value: The `name` field of a `Project` resource.", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "location", + "projectRef" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Conditions represent the latest available observation of the resource's current state.", + "items": { + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": "array" + }, + "connectedProjects": { + "description": "List of projects using the connector.", + "items": { + "type": "string" + }, + "type": "array" + }, + "observedGeneration": { + "description": "ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.", + "type": "integer" + }, + "selfLink": { + "description": "The fully qualified name of this VPC connector.", + "type": "string" + }, + "state": { + "description": "State of the VPC access connector.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "spec" + ], + "type": "object" +}